Foundry Networks FESX Manual

Fastiron x-series
Foundry FastIron X-Series

Configuration Guide

FastIron Edge Switch X-Series
FastIron Workgroup Switch X-Series
FastIron SuperX Switch
2100 Gold Street
P.O. Box 649100
San Jose, CA 95164-9100
Tel 408.586.1700
Fax 408.586.1900
December 2005

Summary of Contents for Foundry Networks FESX

  • Page 1: Configuration Guide

    Foundry FastIron X-Series Configuration Guide FastIron Edge Switch X-Series FastIron Workgroup Switch X-Series FastIron SuperX Switch ™ 2100 Gold Street P.O. Box 649100 San Jose, CA 95164-9100 Tel 408.586.1700 Fax 408.586.1900 December 2005...
  • Page 2 You are not permitted to use these Marks without the prior written consent of Foundry or such appropriate third party. Foundry Networks, BigIron, FastIron, IronView, JetCore, NetIron, ServerIron, TurboIron, IronWare, EdgeIron, IronPoint, the Iron family of marks and the Foundry Logo are trademarks or registered trademarks of Foundry Networks, Inc. in the United States and other countries.
  • Page 3: Table Of Contents

    PECIAL HARACTERS IN EGULAR XPRESSIONS ...............2-8 OGGING HROUGH THE ANAGEMENT NTERFACE ..................2-9 AVIGATING THE ANAGEMENT NTERFACE ................2-11 OGGING ON HROUGH ETWORK ANAGER HAPTER ..........3-1 ONFIGURING ASIC OFTWARE EATURES ....................3-2 ONFIGURING ASIC YSTEM ARAMETERS December 2005 © Foundry Networks, Inc.
  • Page 4 Foundry Configuration Guide for the FESX, FSX, and FWSX ................3-2 NTERING YSTEM DMINISTRATION NFORMATION (SNMP) P .......3-3 ONFIGURING IMPLE ETWORK ANAGEMENT ROTOCOL ARAMETERS ..........3-7 ONFIGURING AN NTERFACE AS THE OURCE FOR ELNET ACKETS ..................3-7 ANCELLING AN UTBOUND ELNET ESSION TFTP P ..........3-7...
  • Page 5 ............6-7 ETTING THE OWER LASS FOR A OWER ONSUMING EVICE ........................6-7 ONFIGURATION OTES ..........................6-8 OMMAND YNTAX POE P ................6-8 ETTING THE LINE OWER RIORITY FOR A ..........................6-9 OMMAND YNTAX POE P ........................6-9 ESETTING ARAMETERS December 2005 © Foundry Networks, Inc.
  • Page 6 Foundry Configuration Guide for the FESX, FSX, and FWSX ..................6-10 ISPLAYING OWER OVER THERNET NFORMATION POE O ....................6-10 ISPLAYING PERATIONAL TATUS POE P ..........6-13 ISPLAYING ETAILED NFORMATION BOUT OWER UPPLIES HAPTER (STP) ONFIGURING PANNING ROTOCOL ................. 7-1 EATURES ..........................7-1 HAPTER...
  • Page 7 ......................10-9 DDITIONAL RUNKING PTIONS ..............10-11 ISPLAYING RUNK ROUP ONFIGURATION NFORMATION .........................10-13 YNAMIC GGREGATION .......................10-13 ONFIGURATION XAMPLE ........................10-15 ONFIGURATION OTES ..................10-15 DAPTATION TO RUNK ISAPPEARANCE ......................10-16 LEXIBLE RUNK LIGIBILITY ..........................10-17 OMMAND YNTAX ....................10-18 GGREGATION ARAMETERS December 2005 © Foundry Networks, Inc.
  • Page 8 Foundry Configuration Guide for the FESX, FSX, and FWSX ............10-22 ISPLAYING AND ETERMINING THE TATUS OF GGREGATE INKS ........................10-23 BOUT LOCKED ORTS ............10-23 ISPLAYING GGREGATION AND TATUS NFORMATION LACP S ............10-26 ISPLAYING RUNK ROUP AND TATUS NFORMATION ................10-26 LEARING THE...
  • Page 9 XTENDED AMED ACL S ......................12-15 XTENDED AMED YNTAX ..............12-18 ONFIGURATION XAMPLE FOR XTENDED AMED ACL E ....................12-18 DDING A OMMENT TO AN NTRY ACL F ..........12-20 NABLING TRICT ONTROL OF ILTERING OF RAGMENTED ACKETS December 2005 © Foundry Networks, Inc.
  • Page 10 Foundry Configuration Guide for the FESX, FSX, and FWSX ACL F VLAN M NABLING ILTERING ASED ON EMBERSHIP OR VE P ........................12-20 EMBERSHIP VLAN M ) ....12-21 PPLYING AN PECIFIC EMBERS ON A AYER EVICES ) ..12-21 PPLYING AN TO A...
  • Page 11 ACKET ARAMETERS ID ......................16-23 HANGING THE OUTER , TACACS/TACACS+, PECIFYING A INGLE OURCE NTERFACE FOR ELNET RADIUS P .......................16-24 ACKETS ARP P ....................16-25 ONFIGURING ARAMETERS ..................16-29 ONFIGURING ORWARDING ARAMETERS ICMP M ......................16-31 ISABLING ESSAGES December 2005 © Foundry Networks, Inc.
  • Page 12 Foundry Configuration Guide for the FESX, FSX, and FWSX ......................16-32 ONFIGURING TATIC OUTES ..................16-39 ONFIGURING A EFAULT ETWORK OUTE IP L ......................16-41 ONFIGURING HARING IRDP .........................16-44 ONFIGURING RARP ........................16-45 ONFIGURING UDP B IP H ............16-47 ONFIGURING ROADCAST AND ELPER ARAMETERS P/DHCP F ..............16-49...
  • Page 13 RP’ IP A ..........19-35 ESIGNATING AN NTERFACE DDRESS AS THE DDRESS MSDP S ..................19-36 ILTERING OURCE ROUP AIRS MSDP M ....................19-38 ONFIGURING ROUPS MSDP I .....................19-46 ISPLAYING NFORMATION MSDP I .......................19-52 LEARING NFORMATION December 2005 © Foundry Networks, Inc. xiii...
  • Page 14 Foundry Configuration Guide for the FESX, FSX, and FWSX DVMRP O ..........................19-52 VERVIEW DVMRP M ................19-53 NITIATING ULTICASTS ON A ETWORK ......................19-53 RUNING A ULTICAST ......................19-55 RAFTS TO A ULTICAST DVMRP ...........................19-55 ONFIGURING DVMRP ............19-55 NABLING ON THE AYER WITCH AND...
  • Page 15 YNAMIC EMORY ........................21-10 ASIC ONFIGURATION ASKS BGP4 ....................21-10 NABLING ON THE OUTER ID ......................21-11 HANGING THE OUTER AS N .....................21-11 ETTING THE OCAL UMBER ......................21-11 DDING A OOPBACK NTERFACE BGP4 N ......................21-12 DDING EIGHBORS December 2005 © Foundry Networks, Inc.
  • Page 16 Foundry Configuration Guide for the FESX, FSX, and FWSX BGP4 P ......................21-17 DDING A ROUP ......................21-21 PTIONAL ONFIGURATION ASKS ................21-21 HANGING THE LIVE IME AND BGP4 N ................21-21 HANGING THE PDATE IMER ....................21-22 NABLING XTERNAL ALLOVER BGP4 L .........21-22 HANGING THE...
  • Page 17 EGARDING ISABLING VRRP VRRPE P ..............22-13 ONFIGURING DDITIONAL ARAMETERS ............22-18 ORCING A ASTER OUTER BDICATE TO A TANDBY OUTER VRRP VRRPE I ..................22-19 ISPLAYING NFORMATION ....................22-19 ISPLAYING UMMARY NFORMATION ....................22-20 ISPLAYING ETAILED NFORMATION December 2005 © Foundry Networks, Inc. xvii...
  • Page 18 Foundry Configuration Guide for the FESX, FSX, and FWSX ........................22-26 ISPLAYING TATISTICS VRRP VRRPE S ..................22-27 LEARING TATISTICS CPU U ..................22-28 ISPLAYING TILIZATION TATISTICS ........................22-29 ONFIGURATION XAMPLES VRRP E ..........................22-29 XAMPLE VRRPE E ..........................22-30 XAMPLE HAPTER PDATING OFTWARE MAGES AND ................
  • Page 19 AYERS ................C-4 RECEDENCE MONG ILTERS ON THE AYER ........................... C-4 OUNDRY OLICIES ......................C-5 UALITY ERVICE OLICIES ..........................C-5 AYER OLICIES ............................. C-6 OUNDRY ILTERS ..........................C-7 AYER ILTERS ..........................C-9 AYER ILTERS December 2005 © Foundry Networks, Inc.
  • Page 20 Foundry Configuration Guide for the FESX, FSX, and FWSX PPENDIX ..........D-1 OFTWARE EATURES AND PECIFICATIONS ..........................D-1 EATURE IGHLIGHTS ........................D-2 UPPORTED EATURES ........................D-7 NSUPPORTED EATURES IEEE C ............................ D-8 OMPLIANCE RFC S ............................D-9 UPPORT ........................... D-14 NTERNET...
  • Page 21: About This Guide

    Chapter 1 About This Guide

    Introduction

    This guide describes the following product families from Foundry Networks:
    • FastIron Edge Switch X-Series (FESX) Layer 2/Layer 3 switch
    • FastIron Workgroup Switch X-Series (FWSX) Layer 2 switch
    • FastIron SuperX Switch (FSX) Layer 2/Layer 3 switch

    This guide includes procedures for configuring the software.
  • Page 22 NOTE: This guide contains the terms FastIron Edge Switch X-Series (FESX), FastIron SuperX Switch (FSX), and FastIron WorkGroup Switch X-Series (FWSX). Each term refers to a specific set of devices, as shown in Table 1.1.
  • Page 23: Audience

    Release Notes for the FastIron Edge Switch X-Series – describes features introduced in each software release, lists features that are supported on the FESX, and describes how configuration procedures or defaults differ from those on other Foundry devices, due to the FastIron Edge Switch X-Series’ hardware architecture.
  • Page 24: How To Get Help

    Call 1.877.TURBOCALL (887.2622) in the United States or 1.408.586.1881 outside the United States. • Send email to info@foundrynet.com. How to Get Help Foundry Networks technical support will ensure that the fast and easy access that you have come to expect from your Foundry Networks products will be maintained. Web Access •...
  • Page 25: Getting Familiar With

    • Privileged EXEC – Lets you use the same commands as those at the User EXEC level plus configuration commands that do not require saving the changes to the system-config file. ...
  • Page 26: Command Completion

    • CONFIG – Lets you make configuration changes to the device. To save the changes across reboots, you need to save them to the system-config file. The CONFIG level contains sub-levels for individual ports, for VLANs, for routing protocols, and other configuration areas.
  • Page 27: Line Editing Commands

    The FSX uses chassis-based port numbering which consists of a slot number and a port number. When you enter CLI commands on the FSX, you must specify both the slot number and the port number. The FESX and FWSX devices do not use this type of numbering. When you enter commands on these devices, just specify the port number.
  • Page 28: Searching And Filtering Output From Cli Commands

    • FESX and FWSX commands:
        (config)# interface e 1
        (config-if-e1000-1)#

    Searching and Filtering Output from CLI Commands

    You can filter CLI output from show commands and at the --More-- prompt. You can search for individual characters or strings, or construct complex regular expressions to filter the output.
  • Page 29 ( + ) at the --More-- prompt and then enter the search string.
        --More--, next page: Space, next line: Return key, quit: Control-c
        +telnet
    The filtered results are displayed:
        filtering...
        telnet Telnet by name or IP address
    ...
  • Page 30: Using Special Characters In Regular Expressions

    To display lines that do not contain a specified search string (similar to the exclude option for show commands) press the minus sign key ( - ) at the --More-- prompt and then enter the search string.
  • Page 31 • - The hyphen separates the beginning and ending of a range of characters. A match occurs if any of the characters within the range is present. See the example above. ...
  • Page 32: Logging On Through The Web Management Interface

    To use the Web management interface, open a web browser and enter the IP address of the Foundry device’s management port in the Location or Address field. The web browser contacts the Foundry device and displays a Login panel, such as the one shown below for the FESX. Figure 2.1...
  • Page 33: Navigating The Web Management Interface

    Otherwise, the navigation tree (the left-most pane in Figure 2.3) will not display properly. For information on how to load the latest service pack(s), refer to the on-line help provided with your Web browser. ...
  • Page 34: Anagement Interface

    Figure 2.4 First Panel for Layer 2 Switch Features NOTE: If you are using Internet Explorer 6.0 to view the Web management interface, make sure the version you are running includes the latest service pack(s). Otherwise, the navigation tree (the left-most pane in Figure 2.3) will not display properly.
  • Page 35: Manager

    Frame. Any other elements you enable or disable will go back to their default settings the next time you start the Web management interface.

    Logging on Through IronView Network Manager

    See the Foundry IronView Network Management User’s Guide for information about using IronView Network Manager. ...
  • Page 37: Oftware Features

    NOTE: For information about configuring IP addresses, DNS resolver, DHCP assist, and other IP-related parameters, see the chapter “Configuring IP” on page 16-1. For information about the Syslog buffer and messages, see the Appendix “Using Syslog” on page A-1. ...
  • Page 38: Configuring Basic System Parameters

    Configuring Basic System Parameters The procedures in this section describe how to configure the basic system parameters listed in Table 3.2. Table 3.2: Basic System Parameters Basic System Parameter See Page...
  • Page 39 The port <value> parameter allows you to specify which UDP port will be used by the trap receiver. This parameter allows you to configure several trap receivers in a system. With this parameter, IronView Network ...
  • Page 40 Manager Network Manager and another network management application can coexist in the same system. Foundry devices can be configured to send copies of traps to more than one network management application.
  • Page 41
        FESX424 Router(config)# no snmp-server enable traps link-down
    Syntax: [no] snmp-server enable traps <trap-type>
    NOTE: For a list of the trap values, see the Foundry Switch and Router Command Line Interface Reference. ...
  • Page 42 Disabling Syslog Messages and Traps for CLI Access Foundry devices send Syslog messages and SNMP traps when a user logs into or out of the User EXEC or Privileged EXEC level of the CLI. The feature applies to users whose access is authenticated by an authentication-method list based on a local user account, RADIUS server, or TACACS/TACACS+ server.
  • Page 43: Configuring An Interface As The Source For All Telnet Packets

    Ethernet port as the source for all TFTP packets from the device. The software uses the lowest-numbered IP address configured on the interface as the source IP address for the packets. ...
  • Page 44: Specifying A Simplen

    You can configure Foundry devices to consult SNTP servers for the current system time and date. NOTE: Foundry devices do not retain time and date information across power cycles. Unless you want to reconfigure the system time counter each time the system is reset, Foundry Networks recommends that you use the SNTP feature.
  • Page 45 Reference time stamp
    clock offset: Offset of clock to synchronized peer
    root delay: Total delay along the path to the root clock
    root dispersion: Dispersion of the root path
    ...
  • Page 46: Setting The System Clock

    Table 3.4: Output from the show sntp status command (Continued)
    This Field... Indicates...
    peer dispersion: Dispersion of the synchronized peer

    Setting the System Clock

    In addition to SNTP support, Foundry switches and routers also allow you to set the system time counter. The time counter setting is not retained across power cycles and is not automatically synchronized with an SNTP server.
  • Page 47: Limiting Broadcast , M

    When you configure unknown-unicast limiting, the rate applies to all ports in the port range for which unknown unicast is enabled. On the FESX, FWSX, and FSX, a 1-Gigabit port range consists of 12 ports. For example, the FESX424 has 2 port ranges; ports 1 – 12 are one port range, and ports 13 – 24 are another port range. If you enable unknown unicast limiting on port 2, the configuration applies to the ports from 1 –...
  • Page 48 Setting a Message of the Day Banner You can configure the Foundry device to display a message on a user’s terminal when he or she establishes a Telnet CLI session. For example, to display the message “Welcome to FESX!” when a Telnet CLI session is established:
        FESX424 Switch(config)# banner motd $ (Press Return)
        Enter TEXT message, End with the character '$'.
  • Page 49: Configuring Basic Port Parameters

    You do not need to use quotation marks around the string, even when it contains blanks. Modifying Port Speed The Gigabit Ethernet copper ports on the FESX and FWSX are designed to auto-sense and auto-negotiate the speed and mode of the connected device. If the attached device does not support this operation, you can manually enter the port speed to operate at either 10 or 100 Mbps.
  • Page 50: Enabling Auto-Negotiation

    Configuration Syntax
    To change the port speed of interface 8 from the default of 10/100/1000 auto-sense to 10 Mbps operating at full-duplex, enter the following:
        FESX424 Router(config)# interface e 8
        FESX424 Router(config-if-e1000-8)# speed-duplex 10-full
    Syntax: speed-duplex <value>...
  • Page 51: Modifying Port Duplex Mode

        FESX424 Switch(config)# interface e 8
        FESX424 Switch(config-if-e1000-8)# speed-duplex 10-full
    Syntax: speed-duplex <value>
    The <value> can be one of the following:
    • 10-full
    • 10-half
    • 100-full
    • 100-half
    • auto
    The default is auto. ...
  • Page 52: Disabling Or Re-Enabling A

    Configuring MDI/MDIX The Foundry FastIron devices support automatic Media Dependent Interface (MDI) and Media Dependent Interface Crossover (MDIX) detection on all Gigabit Ethernet Copper ports. MDI/MDIX is a type of Ethernet port connection using twisted pair cabling. The standard wiring for end stations is MDI, whereas the standard wiring for hubs and switches is MDIX.
  • Page 53: Disabling Or Re-Enabling

    VoIP phone will query the Foundry device for VoIP information and will advertise information about itself, such as device ID, port ID, and platform. When the Foundry device receives the ...
  • Page 54 VoIP phone will re-configure itself with the new voice VLAN. Configuration Notes • This feature is supported in software releases 02.2.00 and later for the FESX, FSX, and FWSX devices. • This feature works with any VoIP phone that: •...
  • Page 55 To view the voice VLAN for all ports, use the show voice-vlan command. The following example shows the command output results.
        FESX424 Switch(config)# show voice-vlan
        Port ID Voice-vlan
        1001
    Syntax: show voice-vlan [<port-num>] ...
  • Page 57: Configuring Basic Layer 2 Features

    For information about configuring IP addresses, DNS resolver, DHCP assist, and other IP-related parameters, see the chapter “Configuring IP” on page 16-1. • For information about the Syslog buffer and messages, see “Using Syslog” on page A-1. ...
  • Page 58: About Port Regions

    About Port Regions Ports on the X-Series devices are grouped into regions. For a few features, you will need to know the region to which a port belongs. However, for most features, a port’s region does not affect configuration or operation of the feature.
  • Page 59: Modifying Stp Bridge And Port Parameters

    A static entry is one you create using the static-mac-address command. A dynamic entry is one that is learned by the software from network traffic. The output of the show mac-address command on FESX, FSX, and FWSX devices includes an Index column which indicates the index where the entry exists in the hardware MAC table.
  • Page 60: Enabling Port-Based Vlans

    You can manually input the MAC address of a device to prevent it from being aged out of the system address table. This option can be used to prevent traffic for a specific device, such as a server, from flooding the network with traffic when it is down.
  • Page 61: Defining Mac Address Filters

    Use MAC Layer 2 filters only for switched traffic. If a routing protocol (for example, IP) is configured on an interface, a MAC filter defined on that interface is not applied to inbound packets. If you want to filter inbound ...
  • Page 62: Command Syntax

    • Layer 2 MAC filtering on the FESX, FSX, and FWSX differs from the FES and BigIron in that MAC filtering applies to all traffic, including management traffic. To exclude management traffic from being filtered, configure a MAC filter that explicitly permits all traffic headed to the management MAC (destination) address.
  • Page 63: Locking A Port To Restrict Addresses

    Thus, five minutes after the first log entry, the software generates another log entry and SNMP trap for denied packets. Configuration Notes MAC filter logging is supported in the following FastIron configurations: • FESX devices running software release 02.1.01 or later • All FSX devices and associated software releases • All FWSX devices and associated software releases These releases support MAC filter logging of management traffic only.
  • Page 64: Command Syntax

    To display the adjustable tables on your Foundry device, use the show default values command. The following shows example outputs on FESX, FSX, and FWSX devices. NOTE: If you increase the number of configurable subnet addresses on each port, you might also need to increase the total number of subnets that you can configure on the device.
  • Page 65: Maximum

    To display the configurable tables and their defaults and maximum values, enter the following command at any level of the CLI. The following shows an example output on the FESX.
        FESX424 Router# show default values...
  • Page 66 The following shows an example output of the show default values command on the FSX:
        FastIron SuperX Router# show default values
        sys log buffers:50 mac age time:300 sec telnet sessions:5 ip arp age:10 min...
  • Page 67 The <num> parameter specifies the maximum number of subnet addresses for the entire device and can be from 1 – 512. The default is 256.
        FESX424 Switch(config)# system-max subnet-per-system 512
        FESX424 Switch(config)# write memory
        FESX424 Switch(config)# exit
        FESX424 Switch# reload
    ...
  • Page 68: Port

    Refer to the following rules when configuring port mirroring and monitoring: • FESX and FWSX devices support sFlow and inbound port monitoring together on the same device; however, these devices do not support port monitoring and sFlow together within the same port region. See the section “About Port Regions”...
  • Page 69 The [input | output] parameters apply to the FESX, FSX, and FWSX devices only. This parameter configures the mirror port exclusively for ingress or egress traffic. If you do not specify one, both types of traffic apply.
  • Page 71: Configuring Base Layer 3

    Layer 2 with Base Layer 3 images provide static RIP support. The device does not learn RIP routes from other Layer 3 devices. However, the device does advertise directly connected routes. Foundry Networks recommends that you deploy these devices only at the edge of your network, since incoming traffic can learn directly-connected routes advertised by the Foundry device, but outgoing traffic to other devices must use statically configured or default routes.
  • Page 72: Adding A Static Ip Route

    Table 5.1: Procedures in This Chapter (Continued) Task See Page Enabling or disabling Layer 2 switching

    Adding a Static IP Route

    To add a static IP route, enter a command such as the following at the global CONFIG level of the CLI:
        FESX424 Router(config)# ip route 209.157.2.0 255.255.255.0 192.168.2.1...
  • Page 73: Modifying And Displaying Layer 3 System Parameter Limits

    The hw-ip-next-hop <num> parameter specifies the maximum number of IP next hops and routes supported on the device. Note that the maximum number includes unicast next hops and multicast route entries. Enter a number from 100 to 6144. The default is 2048. ...
  • Page 74: Displaying Layer 3 System Parameter Limits

    The hw-logical-interface <num> parameter specifies the number of hardware logical interface pairs (physical port and VLAN pairs) supported on the device. Enter a number from 0 to 4096. When this parameter is set to 4096 (the maximum), the limit is not enforced.
  • Page 75: Enabling Redistribution Of Ip Static Routes Into Rip

    The address <ip-addr> <ip-mask> parameters apply redistribution to the specified network and subnet address. Use 0 to specify “any”. For example, “207.92.0.0 255.255.0.0” means “any 207.92.x.x subnet”. However, to specify any subnet (all subnets match the filter), enter “address 255.255.255.255 255.255.255.255”. ...
  • Page 76: Enabling Redistribution

    The match-metric <value> parameter applies redistribution to those routes with a specific metric value; possible values are from 1 – 15. The set-metric <value> parameter sets the RIP metric value that will be applied to the routes imported into RIP.
  • Page 77: Other Layer 3 Protocols

    This feature is supported in the following configurations: • The FESX running software release 01.1.00 or prior supports disabling Layer 2 switching on a global basis only. Starting in release 02.1.01, the FESX supports disabling Layer 2 switching on an individual ...
  • Page 78: Command Syntax

    interface as well as on a global basis. • The FSX running software release 02.2.00 or later supports disabling Layer 2 switching on an individual interface as well as on a global basis.
  • Page 79: Configuring Power Over Ethernet

    Power over Ethernet Overview This section provides an overview of the requirements for delivering power over the LAN, as defined by the Institute of Electrical and Electronics Engineers Inc. (IEEE) in the 802.3af specification. ...
  • Page 80: Terms Used In This Section

    Foundry’s FSX (with POE daughter card) provides Power over Ethernet, compliant with the standards described in the IEEE 802.3af specification for delivering in-line power. The 802.3af specification defines the standard for...
  • Page 81 [Figure: POE Midspan Delivery Method. Labels: Switch, Intermediate device, IP phone. Power travels on unused spare pairs while data travels on other wire pairs.] ...
  • Page 82: Autodiscovery

    Autodiscovery POE autodiscovery is a detection mechanism that identifies whether or not an installed device is 802.3af compatible. When you plug a device into an Ethernet port that is capable of providing in-line power, the autodiscovery mechanism detects whether or not the device requires power and how much power is needed.
  • Page 83: Cabling Requirements

    Enabling or Disabling Power over Ethernet

    To enable a port to receive in-line power for 802.3af-compliant and non-compliant power consuming devices, enter commands such as the following:
        FastIron SuperX Router# config t
    ...
  • Page 84: Enabling The Detection Of Poe Power Requirements Advertised Via Cdp

        FastIron SuperX Router(config)# interface e 1/1
        FastIron SuperX Router(config-if-e1000-1/1)# inline power
    After entering the above commands, the console will display the following message:
        FastIron SuperX Router(config-if-e1000-1/1)# PoE Info: Power enabled on port 1/1.
  • Page 85: Command Syntax

    You cannot configure both. You can, however, configure a power level on one port and power class on another port. • The power class includes any power loss through the cables. For example, a POE port with a default power ...
  • Page 86: Command Syntax

    class of 0 (15.4 watts) will receive a maximum of 12.95 watts of power after 2.45 watts of power loss through the cable. This is compliant with the IEEE 802.3af specification for delivering in-line power. Devices that are configured to receive less POE power, for example, class 1 devices (4.0 watts), will experience a lower rate of...
  • Page 87: Command Syntax

    If you do not specify the power priority, the device will apply the default value of 3 (low priority). Also, you must specify the inline power priority before specifying the power class. ...
  • Page 88: Displaying Power Over Ethernet Information

    Displaying Power over Ethernet Information This section lists the CLI commands for viewing POE information. Displaying POE Operational Status The show inline power command displays operational information about Power over Ethernet.
  • Page 89
    • The device connected to this port is a non-powered device.
    • No device is connected to this port.
    • The port is in standby or denied mode (waiting for power).
    ...
  • Page 90 Table 6.4: Field Definitions for the Show Inline Power Command This Column... Displays... PD Class Determines the maximum amount of power a powered device receives. This value can be one of the following: •...
  • Page 91: Displaying Detailed Information About Poe Power Supplies

    26.5 Amps
    Voltage: 50.0 Volts
    Capacity: 1325 Watts
    Consumption: 949 Watts
    General PoE Data:
    +++++++++++++++++
    Slot Firmware Version
    --------------
    04.0.0
    04.0.0
    04.0.0
    04.0.0
    04.0.0
    04.0.0
    04.0.0
    04.0.0
    ... continued on next page...
  • Page 92 ... continued from previous page...
    Cumulative Port State Data:
    +++++++++++++++++++++++++++
    Slot | #Ports Admin-On | #Ports Admin-Off | #Ports Oper-On | #Ports Oper-Off | #Ports Off-Denied | #Ports Off-No-PD | #Ports Off-Fault
    -------------------------------------------------------------------------------
    -------------------------------------------------------------------------------
    Total:192
    Cumulative Port Power Data:...
  • Page 93 Cumulative Port Power Data Slot The Interface module / slot number # Ports Pri: 1 The number of POE ports on the Interface module that have a POE port priority of...
  • Page 94 Table 6.5: Field Definitions for the Show Inline Power Detail Command This Column... Displays... # Ports Pri: 2 The number of POE ports on the Interface module that have a POE port priority of...
  • Page 95: Configuring Spanning Tree Protocol (STP) And IronSpan Features

    7-18. 802.1W Draft 3 RSTP (both 802.1W Draft 3 and full 802.1W are supported): 7-53. Single-instance STP (SSTP): 7-56. STP per VLAN group: 7-58. Per VLAN Spanning Tree (PVST)/PVST+ compatibility: 7-61.
  • Page 96: STP Overview

    STP Overview The Spanning Tree Protocol (STP) eliminates Layer 2 loops in networks, by selectively blocking some ports and allowing other ports to forward traffic, based on global (bridge) and local (port) parameters you can configure.
  • Page 97 A higher numerical value means a lower priority; thus, the highest priority is 8. Possible values: 8 – 252 (configurable in increments of 4).
  • Page 98: Enabling Or Disabling The Spanning Tree Protocol (STP)

    Table 7.4: Default STP Port Parameters (Continued). Parameter: Path Cost. Description: The cost of using the port to reach the root bridge. When selecting among multiple links to the root bridge, STP... Default and Valid Values: 10 Mbps – 100; 100 Mbps –...
  • Page 99: Changing STP Bridge And Port Parameters

    The maximum-age <value> parameter specifies the amount of time the device waits for receipt of a configuration BPDU from the root bridge before initiating a topology change. You can specify from 6 – 40 seconds. The default is 20 seconds.
  • Page 100: STP Protection Enhancement

    The priority <value> parameter specifies the priority and can be a value from 0 – 65535. A higher numerical value means a lower priority. Thus, the highest priority is 0. The default is 32768.
  • Page 101 If you enter the show stp-protect command for a port that does not have STP protection enabled, the following message displays on the console: FESX424 Switch# show stp-protect e 4 STP-protect is not enabled on port 4. Syntax: show stp-protect [ethernet [<slotnum>/]<portnum>]
  • Page 102: Displaying STP Information

    Displaying STP Information You can display the following STP information: • All the global and interface STP settings • CPU utilization statistics • Detailed STP information for each interface • STP state information for a port-based VLAN •...
  • Page 103 The port’s STP priority, in hexadecimal format. Note: If you configure this value, specify it in decimal format. See “Changing STP Port Parameters” on page 7-6. Path Cost The port’s STP path cost.
  • Page 104 Table 7.5: CLI Display of STP Information (Continued) This Field... Displays... State The port’s STP state. The state can be one of the following: • BLOCKING – STP has blocked Layer 2 traffic on this port to prevent a loop.
  • Page 105 If you do not use this parameter, the command lists the usage statistics for the previous one-second, one-minute, five-minute, and fifteen-minute intervals.
  • Page 106 Displaying the STP State of a Port-Based VLAN When you display information for a port-based VLAN, that information includes the STP state of the VLAN. To display information for a port-based VLAN, enter a command such as the following at any level of the CLI. The STP state is shown in bold type in this example.
  • Page 107 This timer applies only to the root bridge. • Topology Change Notification (TCN) – The interval between Topology Change Notification packets sent by a non-root bridge toward the root bridge. This timer applies only to non-root bridges.
  • Page 108 Table 7.6: CLI Display of Detailed STP Information for Ports (Continued) This Field... Displays... Port number and STP state The internal port number and the port’s STP state. The internal port number is one of the following: •...
  • Page 109 1238 packets input, 79232 bytes, 0 no buffer Received 686 broadcasts, 0 runts, 0 giants 0 input errors, 0 CRC, 0 frame, 0 ignored 529 multicast 918 packets output, 63766 bytes, 0 underruns 0 output errors, 0 collisions
  • Page 110: Configuring IronSpan Features

    The STP information is shown in bold type in this example. Syntax: show interfaces [ethernet [<slotnum>/]<portnum>] | [loopback <num>] | [slot <slot-num>] | [ve <num>] | [brief] You also can display the STP states of all ports by entering a command such as the following, which uses the brief...
  • Page 111 FESX424 Router(config)# write memory To exclude a contiguous (unbroken) range of ports from Fast Span, enter commands such as the following: FESX424 Router(config)# fast port-span exclude ethernet 1 to 24 FESX424 Router(config)# write memory
  • Page 112: 802.1W Rapid Spanning Tree (RSTP)

    Syntax: [no] fast port-span [exclude ethernet [<slotnum>/]<portnum> [ethernet [<slotnum>/]<portnum> | to [<slotnum>/]<portnum>]] To re-enable Fast Port Span on a port, enter a command such as the following: FESX424 Router(config)# no fast port-span exclude ethernet 1...
  • Page 113 Root, Designated, Alternate, or Backup. The following example (Figure 7.1) explains role assignments in a simple RSTP topology.
  • Page 114 NOTE: All examples in this document assume that all ports in the illustrated topologies are point-to-point links and are homogeneous (they have the same path cost value) unless otherwise specified. The topology in Figure 7.1 contains four bridges. Switch 1 is the root bridge since it has the lowest bridge priority.
  • Page 115 The topology in Figure 7.3 is an example of shared media that should not be configured as point-to-point links. In Figure 7.3, a port on a bridge communicates or is connected to at least two ports.
  • Page 116 Figure 7.3 Example of Shared Media. Bridge Port States: Port roles can have one of the following states: • Forwarding – 802.1W is allowing the port to send and receive all packets.
  • Page 117 A port operating in 802.1W mode may enter a learning state to allow MAC entries to be added to the filtering database; however, this state is transient and lasts only a few milliseconds, if the port is operating in 802.1W mode and if the port meets the conditions for rapid transition.
  • Page 118 Handshake Mechanisms To rapidly transition a Designated or Root port into a forwarding state, the Port Role Transition state machine uses handshake mechanisms to ensure loop free operations. It uses one type of handshake if no Root port has been assigned on a bridge, and another type if a Root port has already been assigned.
  • Page 119 [Figure: Sync stage. Labels: Switch 100 (Root Bridge), Switch 200, Switch 300, Switch 400; Designated port, Root port; Sync and Discarding signals on the ports.]
  • Page 120 • Synced – Once the Designated port changes into a discarding state, it asserts a synced signal. Immediately, Alternate ports and Backup ports are synced. The Root port monitors the synced signals from all the bridge ports.
  • Page 121 RST BPDU to Switch 200 with an agreed flag. This handshake is repeated between Switch 200 and Switch 400 until all Designated and Root ports are in forwarding states.
  • Page 122 Handshake When a Root Port Has Been Elected If a non-root bridge already has a Root port, 802.1W uses a different type of handshake. For example, in Figure 7.8, a new root bridge is added to the topology.
  • Page 123 [Figure: Proposing and Proposed stage. Labels: Switch 200, Switch 300, Switch 400; Designated port (Proposing), Root port (Forwarding), Designated port (Proposed); RST BPDU sent with a Proposing flag.]
  • Page 124 • Sync and Reroot – The Root port then asserts a sync and a reroot signal on all the ports on the bridge. The signal tells the ports that a new Root port has been assigned and they are to renegotiate their new roles and states.
  • Page 125 [Figure: Sync and Reroot stage. Labels: Switch 200, Switch 300, Switch 400; Root port; Sync, Rerooted and Discarding signals on the ports. Legend: indicates an 802.1W signal controlled by the current Root port.]
  • Page 126 • Synced and Agree – When all the ports on the bridge assert their synced signals, the new Root port asserts its own synced signal and sends an RST BPDU to Port4/Switch 60 that contains an agreed flag (Figure 7.11).
  • Page 127 At this point the handshake between Switch 60 and Switch 200 is complete. The remaining bridges (Switch 300 and Switch 400) may have to go through the reroot handshake if a new Root port needs to be assigned.
  • Page 128 Convergence in a Simple Topology The examples in this section illustrate how 802.1W convergence occurs in a simple Layer 2 topology at start-up. NOTE: The remaining examples assume that the appropriate handshake mechanisms occur as port roles and states change.
  • Page 129 Port3/Switch 2. The 802.1W algorithm determines that the RST BPDUs Port3/Switch 3 received are superior to those it can transmit; however, they are not superior to those that are currently being received by the current Root port (Port4). Therefore, Port3 retains the role of Alternate port.
  • Page 130 Port3/Switch 1 and Port5/Switch 1 are physically connected. Port5/Switch 1 received RST BPDUs that are superior to those received on Port3/Switch 1; therefore, Port5/Switch 1 is given the Backup port role while Port3 is given the Designated port role.
  • Page 131 Port3/Switch 2, which was the previous Root port, enters a discarding state and negotiates with other ports on the bridge to establish its new role and state, until it finally assumes the role of a Designated port.
  • Page 132 Next, the following happens: • Port3/Switch 2, the Designated port, sends an RST BPDU, with a proposal flag to Port3/Switch 3. • Port2/Switch 2 also sends an RST BPDU with an agreed flag to Port2/Switch 1 and then places itself into a forwarding state.
  • Page 133 Only then will these ports move into forwarding states. The entire 802.1W topology converges in less than 300 msec and the essential connectivity is established between the designated ports and their connected root ports.
  • Page 134 After convergence is complete, Figure 7.19 shows the active Layer 2 path of the topology in Figure 7.18. Figure 7.19 Active Layer 2 Path in Complex Topology Bridge priority = 200...
  • Page 135 [Figure: topology with Switch 3, Switch 6 and Switch 4; bridge priority labels shown: 300, 900, 400. Legend: indicates the active Layer 2 path; indicates direction of TCN.]
  • Page 136 Switch 2 then starts the TCN timer on the Designated ports and sends RST BPDUs that contain the TCN as follows (Figure 7.21): • Port5/Switch 2 sends the TCN to Port2/Switch 5 •...
  • Page 137 CLI, forcing all ports on the bridge to send legacy BPDUs only. Once a port operates in the 802.1D mode, 802.1D convergence times are used and rapid convergence is not realized.
  • Page 138 For example, in Figure 7.23, Switch 10 and Switch 30 receive legacy BPDUs from Switch 20. Ports on Switch 10 and Switch 30 begin sending BPDUs in STP format to allow them to operate transparently with Switch 20.
  • Page 139 The priority <value> parameter specifies the priority of the bridge. You can enter a value from 0 – 65535. A lower numerical value means the bridge has a higher priority. Thus, the highest priority is 0. The default is 32768.
  • Page 140 You can specify some or all of these parameters on the same command line. If you specify more than one parameter, you must specify them in the order shown above, from left to right.
  • Page 141 The port-based VLAN that owns the STP instance. VLAN 1 is the default VLAN. If you have not configured port-based VLANs on this device, all 802.1W information is for VLAN 1.
  • Page 142 Table 7.8: CLI Display of 802.1W Summary (Continued) This Field... Displays... Bridge IEEE 802.1W Parameters Bridge Identifier The ID of the bridge. Bridge Max Age The configured max age for this bridge. The default is 20.
  • Page 143 The current role of the port: • Root • Designated • Alternate • Backup • Disabled Refer to “Bridges and Bridge Port Roles” on page 7-19 for definitions of the roles.
  • Page 144 Table 7.8: CLI Display of 802.1W Summary (Continued) This Field... Displays... State The port’s current 802.1W state. A port can have one of the following states: • Forwarding • Discarding •...
  • Page 145 Indicates if the point-to-point-mac parameter is configured to be a point-to-point link: • T – The link is a point-to-point link • F – The link is not a point-to-point link. This is the default.
  • Page 146 This Field... Displays... DesignatedPriority Shows the following: • Root – Shows the ID of the root bridge for this bridge. • Bridge – Shows the ID of the Designated bridge that is associated with this port.
  • Page 147: 802.1W Draft 3

    Root port = 4/4 Alternate = 3/4 Alternate = 4/3 If the root port on a Switch becomes unavailable, 802.1W Draft 3 immediately fails over to the alternate port, as shown in Figure 7.25.
  • Page 148 Figure 7.25 802.1W Draft 3 RSTP failover to alternate root port The arrow shows the path to the root bridge Port 1/2 Port 2/2 Root Bridge Switch 2 Switch 1 Bridge priority = 2...
  • Page 149 FESX424 Router(config-vlan-10)# spanning-tree rstp Syntax: [no] spanning-tree rstp This command enables 802.1W Draft 3. You must enter the command separately in each port-based VLAN in which you want to run 802.1W Draft 3.
  • Page 150: Single Spanning Tree (SSTP)

    NOTE: This command does not also enable STP. To enable STP, first enter the spanning-tree command without the rstp parameter. After you enable STP, enter the spanning-tree rstp command to enable 802.1W Draft 3.
  • Page 151 STP entries. To display information for VLANs 10 and 2024 only, enter show span 1. The detail parameter and its additional optional parameters display detailed information for individual ports. See “Displaying Detailed STP Information for Each Interface” on page 7-12.
  • Page 152: STP Per VLAN Group

    STP per VLAN Group STP per VLAN group is an STP enhancement that provides scalability while overcoming the limitations of the following scalability alternatives: • Standard STP – You can configure only 128 instances of standard STP on a Foundry device. It is possible to need more instances of STP than this in large configurations.
  • Page 153 STP settings of the master VLAN in the group. The <num> parameter specifies the VLAN group ID. NOTE: This command is optional and is not used in the example above. For an example of this command, see “Configuration Example for STP Load Sharing”.
  • Page 154 Configuration Example for STP Load Sharing Figure 7.27 shows another example of an STP per VLAN group implementation. Figure 7.27 More Complex STP per VLAN Group Example Member VLANs 2 - 200...
  • Page 155: PVST/PVST+ Compatibility

    You do not need to perform any configuration steps to enable PVST+ support. However, to support the IEEE 802.1Q BPDUs, you might need to enable dual-mode support. 1. Cisco user documentation for PVST/PVST+ refers to the IEEE 802.1Q spanning tree as the Common Spanning Tree (CST).
  • Page 156: Overview Of PVST And PVST+

    Foundry’s support for Cisco's Per VLAN Spanning Tree plus (PVST+) allows a Foundry device to run multiple spanning trees (MSTP) while also interoperating with IEEE 802.1Q devices. Foundry ports automatically detect PVST+ BPDUs and enable support for the BPDUs once detected.
  • Page 157: Configuring PVST+ Support

    To enable the dual-mode feature on a port, enter the following command at the interface configuration level for the port: FastIron SuperX Router(config-if-1/1)# dual-mode 1. Cisco PVST/PVST+ documentation refers to the Default VLAN as the Default Native VLAN.
  • Page 158: Displaying PVST+ Support Information

    Syntax: [no] dual-mode [<vlan-id>] The <vlan-id> specifies the port’s Port Native VLAN. This is the VLAN on which the port will support untagged frames. By default, the Port Native VLAN is the same as the default VLAN (which is VLAN 1 by default).
  • Page 159 To implement this configuration, enter the following commands. Commands on the Foundry Device FastIron SuperX Router(config)# default-vlan-id 4000 FastIron SuperX Router(config)# vlan 1 FastIron SuperX Router(config-vlan-1)# tagged ethernet 1/1 FastIron SuperX Router(config-vlan-1)# exit FastIron SuperX Router(config)# vlan 2
  • Page 160 FastIron SuperX Router(config-vlan-2)# tagged ethernet 1/1 FastIron SuperX Router(config-vlan-2)# exit FastIron SuperX Router(config)# interface ethernet 1/1 FastIron SuperX Router(config-if-1/1)# dual-mode 2 FastIron SuperX Router(config-if-1/1)# pvst-mode FastIron SuperX Router(config-if-1/1)# exit These commands change the default VLAN ID, configure port 1/1 as a tagged member of VLANs 1 and 2, and enable the dual-mode feature and PVST+ support on port 1/1.
  • Page 161: Configuring Metro Features

    Layer 2 protocol for multiple VLANs. For example, if a Foundry device is deployed in a Metro network and provides forwarding for two MRP rings that each contain 128 VLANs, you can configure a topology group for each...
  • Page 162: Master VLAN And Member VLANs

    Forwarding state. Configuration Considerations • Topology groups are supported in all FESX, FSX, and FWSX devices and associated software releases. • You must configure the master VLAN and member VLANs or member VLAN groups before you configure the topology group.
  • Page 163: Configuring A Topology Group

    If you remove a member VLAN or VLAN group from a topology group, you will need to reconfigure the Layer 2 protocol information in the VLAN or VLAN group. Displaying Topology Group Information The following sections show how to display STP information and topology group information for VLANs.
  • Page 164 Displaying STP Information To display STP information for a VLAN, enter a command such as the following: FESX424 Router(config)# show span vlan 4 VLAN 4 BPDU cam_index is 14344 and the Master DMA Are(HEX) 18 1A STP instance owned by VLAN 2 This example shows STP information for VLAN 4.
  • Page 165: Metro Ring Protocol (MRP)

    The primary interface originates Ring Health Packets (RHPs), which are used to monitor the health of the ring. An RHP is forwarded on the ring to the...
  • Page 166: Configuration Notes

    MRP on the ring nodes. Once MRP is configured and enabled on all the nodes, you can re-enable the interface. • MRP I is supported in all FESX, FSX, and FWSX devices and their associated software releases. • The above configurations are capable of being configured as MRP masters or MRP members (for different rings).
  • Page 167: Ring Initialization

    When MRP is enabled, all ports begin in the Preforwarding state. The primary interface on the Master node, although it is in the Preforwarding state like the other ports, immediately sends an RHP onto the ring. The secondary port on the Master node listens for the RHP.
  • Page 168: How Ring Breaks Are Detected And Healed

    • If the secondary port receives the RHP, all links in the ring are up and the port changes its state to Blocking. The primary port then sends another MRP with its forwarding bit set on. As each of the member ports receives the RHP, the ports change their state to Forwarding.
  • Page 169: Master VLANs And Customer VLANs

    All the ring ports must be in the same VLAN. Placing the ring ports in the same VLAN provides Layer 2 connectivity for a given customer across the ring. Figure 8.6 shows an example.
  • Page 170 Figure 8.6 Metro ring – ring VLAN and customer VLANs Customer A Customer B VLAN 30 VLAN 40 Switch B ====== ring 1 interfaces 1/1, 1/2 port 4/1 port 2/1 topology group 2...
  • Page 171: Configuring MRP

    Configures this node as the master node for the ring. Enter this command only on one node in the ring. The node is a member (non-master) node by default. Syntax: [no] ring-interface ethernet <primary-if> ethernet <secondary-if>
  • Page 172: Using MRP Diagnostics

    The ethernet <primary-if> parameter specifies the primary interface. On the master node, the primary interface is the one that originates RHPs. Ring control traffic and Layer 2 data traffic will flow in the outward direction from this interface by default.
  • Page 173: Displaying MRP Information

    Ring configuration information and statistics Displaying Topology Group Information To display topology group information, enter the following command: Syntax: show topology-group [<group-id>] See “Displaying Topology Group Information” on page 8-3 for more information.
  • Page 174 Displaying Ring Information To display ring information, enter the following command: FastIron SuperX Router(config)# show metro Metro Ring 1 ============= Ring State Ring Master Topo Hello Prefwing role vlan group time(ms)
  • Page 175 The number of RHPs sent on the interface. Note: This field applies only to the master node. On non-master nodes, this field contains 0. This is because the RHPs are forwarded in hardware on the non-master nodes.
  • Page 176: MRP CLI Example

    Table 8.4: CLI Display of MRP Ring Information (Continued) This Field... Displays... RHPs rcvd The number of RHPs received on the interface. Note: On most Foundry devices, this field applies only to the master node.
  • Page 177 FastIron SuperX Router(config-topo-group-1)# member-vlan 40 Commands on Switch D FastIron SuperX Router(config)# vlan 2 FastIron SuperX Router(config-vlan-2)# tag ethernet 1/1 to 1/2 FastIron SuperX Router(config-vlan-2)# metro-ring 1 FastIron SuperX Router(config-vlan-2-mrp-1)# name "Metro A"
  • Page 178: Virtual Switch Redundancy

    FastIron SuperX Router(config-vlan-2-mrp-1)# ring-interface ethernet 1/1 ethernet 1/ FastIron SuperX Router(config-vlan-2-mrp-1)# enable FastIron SuperX Router(config-vlan-2)# exit FastIron SuperX Router(config)# vlan 30 FastIron SuperX Router(config-vlan-30)# tag ethernet 1/1 to 1/2 FastIron SuperX Router(config-vlan-30)# tag ethernet 2/1...
  • Page 179: VSRP-Aware

    Layer 2 Switches support Layer 2 VSRP only. Layer 3 Switches support Layer 2 and Layer 3 redundancy. You can configure a Layer 3 Switch for either Layer 2 only or Layer 2 and Layer 3. To configure for Layer 3, specify the IP address you are backing up.
  • Page 180: Master Election And Failover

    NOTE: If you want to provide Layer 3 redundancy only, disable VSRP and use VRRPE. Master Election and Failover Each VSRP device advertises its VSRP priority in Hello messages. During Master election, the VSRP device with the highest priority for a given VRID becomes the Master for that VRID.
  • Page 181 The link failure caused the priority to be reduced to 100, which is still equal to the priority of the other device. This is shown in Figure 8.10.
  • Page 182 Figure 8.10 VSRP priority bias Configured priority = 150 Configured priority = 100 Actual priority = 150 * (2/3) = 100 Actual priority = 100 * (3/3) = 100 VSRP VSRP...
  • Page 183 The software divides a timer’s value by the timer scale value. By default, the scale is 1. This means the VSRP timer values are the same as the values in the configuration.
  • Page 184: VSRP Parameters

    VSRP-Aware Security Features Without VSRP-aware security configured, a VSRP-aware device passively learns the authentication method conveyed by the received VSRP hello packet. The VSRP-aware device then stores the authentication method until it ages out with the aware entry.
  • Page 185 Saving the current timer values instead of the configured ones helps ensure consistent timer usage for all the VRID’s devices. Note: The Backup always gets its timer scale value from the Master.
  • Page 186 Table 8.5: VSRP Parameters (Continued). Parameter: Time-to-Live (TTL). Description: The maximum number of hops a VSRP Hello packet can traverse before being dropped. You can specify from 1 – 255. See page: 8-31.
  • Page 187: Configuring Basic VSRP Parameters

    For information about the command’s optional parameters, see the following: • “Changing the Backup Priority” on page 8-30 • “Changing the Default Track Priority” on page 8-33 Syntax: [no] activate Syntax: enable | disable
  • Page 188: Configuring Optional VSRP Parameters

    Configuring Optional VSRP Parameters The following sections describe how to configure optional VSRP parameters. Disabling or Re-Enabling VSRP VSRP is enabled by default on Layer 2 Switches and Layer 3 Switches. On a Layer 3 Switch, if you want to use VRRP or VRRPE for Layer 3 redundancy instead of VSRP, you need to disable VSRP first.
  • Page 189 1/4 in VRID 4. For these ports, the VSRP device will not accept incoming packets that have authentication strings. FastIron SuperX Router(config)# vlan 10 FastIron SuperX Router(config-vlan-10)# vsrp-aware vrid 4 no-auth port-list ethe 1/1 to 1/4 Syntax: vsrp-aware vrid <vrid number> no-auth port-list <port range>
  • Page 190 <vrid number> is a valid VRID (from 1 to 255). no-auth specifies no authentication as the preferred VSRP-aware security method. The VSRP device will not accept incoming packets that have authentication strings.
  • Page 191 To change the TTL for a VRID, enter a command such as the following at the configuration level for the VRID: FastIron SuperX Router(config-vlan-200-vrid-1)# initial-ttl 5 Syntax: [no] initial-ttl <num> The <num> parameter specifies the TTL and can be from 1 – 255. The default TTL is 2.
  • Page 192 Changing the Hello Interval The Master periodically sends Hello messages to the Backups. To change the Hello interval, enter a command such as the following at the configuration level for the VRID: FastIron SuperX Router(config-vlan-200-vrid-1)# hello-interval 10 Syntax: [no] hello-interval <num>...
  • Page 193 If you enable the non-preempt mode (thus disabling the preemption feature) on all the Backups, the Backup that becomes the Master following the disappearance of the Master continues to be the Master. The new Master is not preempted.
  • Page 194: Displaying VSRP Information

    To disable preemption on a Backup, enter a command such as the following at the configuration level for the VRID: FastIron SuperX Router(config-vlan-200-vrid-1)# non-preempt-mode Syntax: [no] non-preempt-mode Suppressing RIP Advertisement from Backups Normally, for Layer 3 a VSRP Backup includes route information for a backed up IP address in RIP advertisements.
  • Page 195 VSRP priority after this device becomes the Master. This field can have one of the following values: • disabled – The device cannot be pre-empted. • enabled – The device can be pre-empted.
  • Page 196 Table 8.6: CLI Display of VSRP VRID or VLAN Information (Continued) This Field... Displays... save-current The source of VSRP timer values preferred when you save the configuration. This field can have one of the following values: •...
  • Page 197 Master. If a failover occurs, the VSRP-aware device changes the port to the port connected to the new Master. The VSRP-aware device uses this port to send and receive data through the backed up node. December 2005 © Foundry Networks, Inc. 8 - 37...
  • Page 199: UDLD Overview

    This feature is useful for links that are individual ports and for trunk links. Figure 9.1 shows an example.
  • Page 200: Configuration Considerations

    Figure 9.1 UDLD example
    Without link keepalive, the Foundry ports remain enabled. Traffic continues to be load balanced to the ports connected to the failed link. When link keepalive is enabled, the feature brings down the Foundry ports connected to the failed link.
  • Page 201: Changing The Keepalive Interval

    VLAN ID is not specified, then UDLD control packets are sent out of the port as untagged packets.
    NOTE: You must configure the same VLANs that will be used for UDLD on all devices across the network; otherwise, the UDLD link cannot be maintained.
  • Page 202: Displaying UDLD Information

    Displaying UDLD Information
    Displaying Information for All Ports
    To display UDLD information for all ports, enter the following command:
    FastIron SuperX Router(config)# show link-keepalive
    Total link-keepalive enabled ports: 4
    Keepalive Retries: 3 Keepalive Interval: 1 Sec.
  • Page 203: Displaying Information For A Single Port

    The number of UDLD health-check packets received on this port.
    Transitions: The number of times the logical link state has changed between up and down.
    Port blocking: Information used by Foundry technical support for troubleshooting.
  • Page 204: Clearing UDLD Statistics

    Table 9.3: CLI Display of Detailed UDLD Information (Continued)
    This Field... Displays...
    BM disabled: Information used by Foundry technical support for troubleshooting.
    The show interface ethernet [<slotnum>/]<portnum> command also displays the UDLD state for an individual port.
  • Page 205: Trunk Group Overview

    You can configure up to 4 ports as a trunk group, supporting transfer rates of up to 8 Gbps of bi-directional traffic. In addition to enabling load sharing of traffic, trunk groups provide redundant, alternate paths for traffic if any of the segments fail.
  • Page 206: Trunk Group Connectivity To A Server

    Figure 10.1 shows an example of a configuration that uses trunk groups.
    Figure 10.1 Trunk Group application within a FastIron network
  • Page 207: Trunk Group Rules

    Unlike the FES and other Foundry devices, trunk groups on the FESX, FSX, and FWSX are not classified as switch trunk groups or server trunk groups.
    • Table 10.2 lists the maximum number of trunk groups you can configure on a FESX, FSX, and FWSX, and the valid number of ports in a trunk group.
    •...
  • Page 208: Trunk Group Configuration Examples

    Make sure the device on the other end of the trunk link can support the same number of ports in the link. For example, if you configure a three-port trunk group on the FESX and the other end is a different type of switch, make sure the other switch can support a three-port trunk group.
  • Page 210: Trunk Group Load Sharing

    Trunk Group Load Sharing
    Unlike the FES and other Foundry devices, trunk groups on the FESX, FSX, and FWSX devices are not classified as switch trunk groups or server trunk groups. The Foundry device load shares across the ports in the trunk group. The method used for the load sharing depends on the following: •...
  • Page 211: Configuring A Trunk Group

    Table 10.3 shows how the FESX, FWSX, and FSX load balance traffic across the ports in a trunk group, if the device is running FESX/FWSX software release 02.2.00 or later or FSX software release 02.1.00 or later.
  • Page 212 To configure the trunk groups shown in Figure 10.1, enter the following commands. Notice that the commands are entered on multiple devices. To configure the trunk group link between FSX1 and the FESX: NOTE: The text shown in italics in the CLI example below shows messages echoed to the screen in answer to the CLI commands entered.
  • Page 213: Cli Syntax

    You can disable or re-enable individual ports in a trunk group. To disable an individual port in a trunk group, enter commands such as the following at the trunk group configuration level:
    FastIron SuperX Router(config-trunk-4/1-4/4)# config-trunk-ind
  • Page 214 FastIron SuperX Router(config-trunk-4/1-4/4)# disable ethernet 4/2
    Syntax: [no] config-trunk-ind
    Syntax: [no] disable ethernet [<slotnum>/]<portnum>
    The config-trunk-ind command enables configuration of individual ports in the trunk group. If you do not use this command, the disable command will be valid only for the primary port in the trunk group and will disable all ports in the trunk group.
  • Page 215: Displaying Trunk Group Configuration Information

    Ports
    Link_Status active active active active down down active active
    LACP_Status ready ready ready expired down down ready ready
    Load Sharing Mac Address Multicast
    Syntax: show trunk [ethernet [<slotnum>/]<portnum> to [<slotnum>/]<portnum>]
  • Page 216 The [<slotnum>/] applies to chassis devices only. Table 10.5 describes the information displayed by the show trunk command.
    Table 10.5: CLI Trunk Group Information
    This Field... Displays...
    Trunk ID: The trunk group number. The software numbers the groups in the display to make the display easy to use.
  • Page 217: Dynamic Link Aggregation

    Foundry ports follow the same configuration rules for dynamically created aggregate links as they do for statically configured trunk groups. See “Trunk Group Rules” on page 10-3 and “Trunk Group Load Sharing” on page 10-6. Figure 10.5 on page 10-14 shows some examples of valid aggregate links.
  • Page 218 Figure 10.5 Examples of valid aggregate links
    Foundry ports enabled for link aggregation follow the same rules as ports configured for trunk groups.
  • Page 219: Configuration Notes

    This feature is supported only on Gigabit Ethernet ports.
    • The dynamic link aggregation (802.3ad) implementation on the FESX, FSX, and FWSX allows any number of ports up to four to be aggregated into a link. The feature does not require the aggregate link to consist of exactly two or four ports.
  • Page 220: Flexible Trunk Eligibility

    Flexible Trunk Eligibility
    The criteria for being eligible to be in an aggregate link are flexible. A range of ports can contain down ports and still be eligible to become an aggregate link.
  • Page 221: Command Syntax

    Syntax: [no] link-aggregate configure [system-priority <num>] | [port-priority <num>] | [key <num>] | [type server | switch]
    NOTE: For more information about keys, including details about the syntax shown above, see “Key” on page 10-
  • Page 222: Link Aggregation Parameters

    Link Aggregation Parameters
    You can change the settings on individual ports for the following link aggregation parameters: • System priority • Port priority • Link type • System Priority The system priority parameter specifies the Foundry device’s link aggregation priority relative to the devices at the other ends of the links on which link aggregation is enabled.
  • Page 223 1/1 – 1/4 and 3/5 – 3/8, you must change the link aggregation key on one or both groups of ports so that the key is the same on all eight ports. Figure 10.8 on page 10-20 shows an example.
  • Page 224 Figure 10.8 Multi-slot aggregate link
    All ports in a multi-slot aggregate link have the same key.
    System ID: aaaa.bbbb.cccc...
  • Page 225 NOTE: For key configuration only, configuration commands differ depending on whether or not link aggregation is enabled on the port(s). Follow the appropriate set of commands below, according to your system’s configuration.
  • Page 226: Displaying And Determining The Status Of Aggregate Links

    For example, to change a port group’s key from the one assigned by the software to another value, enter commands such as the following:
    NOTE: Use this command sequence to change the key for ports that do not have link aggregation enabled, and for all other link aggregation parameters (i.e., system priority, port priority, and link type).
  • Page 227: About Blocked Ports

    NOTE: Ports that are configured as part of an aggregate link must also have the same key. For more information about assigning keys, see the section “Link Aggregation Parameters” on page 10-18.
  • Page 228 The show link aggregation command shows the following information.
    Table 10.7: CLI Display of Link Aggregation Information
    This Field... Displays...
    System ID: Lists the base MAC address of the device. This is also the MAC address of port 1 (or 1/1).
  • Page 229 No – The link aggregation values that this port negotiated with the port at the other end of the link have not expired, so the port is still using the negotiated settings.
  • Page 230: Displaying Trunk Group And LACP Status Information

    Table 10.7: CLI Display of Link Aggregation Information (Continued)
    This Field... Displays...
    • Ope (operational) - The port is operating normally.
    • Ina (inactive) - The port is inactive because the port on the other side of the link is down or has stopped transmitting LACP packets.
  • Page 231: Configuring Virtual LANs (VLANs)

    Same IP subnet address on multiple port-based VLANs: 11-35
    VLAN groups and virtual routing interface groups: 11-40
    Super Aggregated VLANs (SAVs): 11-43
    802.1Q-in-Q tagging: 11-49
    Private VLANs: 11-52
    Dual-mode VLAN ports: 11-56
    Displaying VLAN information: 11-59
  • Page 232: VLAN Overview

    VLAN Overview
    The following sections provide details about the VLAN types and features supported on the FastIron family of switches.
    Types of VLANs
    You can configure the following types of VLANs on Foundry devices.
  • Page 233 You can configure each of the following types of protocol-based VLAN within a port-based VLAN. All the ports in the Layer 3 VLAN must be in the same Layer 2 VLAN.
  • Page 234
    • AppleTalk – The device sends AppleTalk broadcasts to all ports within the AppleTalk protocol VLAN.
    • IP – The device sends IP broadcasts to all ports within the IP protocol VLAN.
  • Page 235 Integrated Switch Routing (ISR)
    Foundry Networks’ Integrated Switch Routing (ISR) feature enables VLANs configured on Layer 3 Switches to route Layer 3 traffic from one protocol VLAN or IP sub-net, IPX network, or AppleTalk cable VLAN to another.
  • Page 236: Default VLAN

    NOTE: IP sub-net VLANs are not the same thing as IP protocol VLANs. An IP protocol VLAN sends all IP broadcasts on the ports within the IP protocol VLAN. An IP sub-net VLAN sends only the IP sub-net broadcasts for the sub-net of the VLAN.
  • Page 237: 802.1Q Tagging

    If you use tagging on multiple devices, each device must be configured for tagging and must use the same tag value. In addition, the implementation of tagging must be compatible on the devices. The tagging on all Foundry devices is compatible with other Foundry devices.
  • Page 238: Spanning Tree Protocol (STP)

    Figure 11.5 shows an example of two devices that have the same Layer 2 port-based VLANs configured across them. Notice that only one of the VLANs requires tagging.
    Figure 11.5 VLANs configured across multiple devices
    User-configured port-based VLAN
    T = 802.1Q tagged port...
  • Page 239: Virtual Routing Interfaces

    IP sub-net VLAN, then configure the appropriate IP routing parameters on each of the virtual routing interfaces. Figure 11.6 shows an example of Layer 3 protocol VLANs that use virtual routing interfaces for routing.
  • Page 240: VLAN And Virtual Routing Interface Groups

    Figure 11.6 Use virtual routing interfaces for routing between Layer 3 protocol VLANs
    User-configured port-based VLAN
    User-configured protocol VLAN, IP sub-net VLAN, IPX network VLAN, or AppleTalk cable VLAN
    VE = virtual interface (“VE”...
  • Page 241 VLAN with dynamic ports—all ports are active when you create the VLAN
    A = active port
    C = candidate port
    When you add ports dynamically, all the ports are added when you add the VLAN.
  • Page 242 Ports in a new protocol VLAN that do not receive traffic for the VLAN’s protocol age out after 10 minutes and become candidate ports. Figure 11.8 shows what happens if a candidate port receives traffic for the VLAN’s protocol.
  • Page 243: Super Aggregated VLANs

    One of each type of protocol VLAN is configurable within each port-based VLAN on the Layer 2 Switch.
    • Multiple IP sub-net and IPX network VLANs are configurable within each port-based VLAN on the Layer 2 Switch.
  • Page 244: Routing Between VLANs

    • Removing a configured port-based VLAN from a Foundry Networks Layer 2 Switch or Layer 3 Switch automatically removes any protocol-based VLAN, IP sub-net VLAN, AppleTalk cable VLAN, or IPX network VLAN, or any Virtual Ethernet router interfaces defined within the Port-based VLAN.
  • Page 245: Dynamic Port Assignment (Layer 2 Switches And Layer 3 Switches)

    This section describes how to perform the following tasks for port-based VLANs using the CLI:
    • Create a VLAN
    • Delete a VLAN
    • Modify a VLAN
    • Change a VLAN’s priority
    • Enable or disable STP on the VLAN
  • Page 246 Layer 3 forwarding between broadcast domains. The STP priority is configured to force FESX-A to be the root bridge for VLANs RED and BLUE. The STP priority on FESX-B is configured so that FESX-B is the root bridge for VLANs GREEN and BROWN.
  • Page 247 To configure the Port-based VLANs on the FESX Layer 2 Switches in Figure 11.10, use the following method.
    Configuring FESX-A
    Enter the following commands to configure FESX-A:
    FESX424 Switch> enable
    FESX424 Switch# configure terminal...
  • Page 248: Modifying A Port-Based VLAN

    Configuring FESX-B
    Enter the following commands to configure FESX-B:
    FESX424 Switch> en
    FESX424 Switch# configure terminal
    FESX424 Switch(config)# hostname FESX-B
    FESX424 Switch-B(config)# vlan 2 name BROWN
    FESX424 Switch-B(config-vlan-2)# untag ethernet 1 to 4...
  • Page 249 Syntax: no vlan <vlan-id> by port
    Removing a Port from a VLAN
    Suppose you want to remove port 11 from VLAN 4 on FESX-A shown in Figure 11.10. To do so, use the following procedure. Access the global CONFIG level of the CLI on FESX424 Switch-A by entering the following command:
    FESX424 Switch-A>...
  • Page 250 NOTE: When port-based VLANs are not operating on the system, STP is set on a system-wide level at the global CONFIG level of the CLI.
    Access the global CONFIG level of the CLI on FESX-A by entering the following commands:
    FESX424 Switch-A> enable
    No password has been assigned yet...
  • Page 251: Configuring IP Sub-Net, IPX Network And Protocol-Based VLANs

    Also suppose you want a single router interface to be present within all of these separate broadcast domains, without using IEEE 802.1Q VLAN tagging or any proprietary form of VLAN tagging.
  • Page 252 Figure 11.11 shows this configuration.
    Figure 11.11 Protocol-based (Layer 3) VLANs
  • Page 253: Configuring IP Sub-Net, IPX Network, And Protocol-Based VLANs Within Port-Based VLANs

    A second set of ports within STP domain VLAN 2 will be restricted to only IPX traffic. The IP and IPX protocol VLANs will overlap on Port 1 of FESX-A to support both protocols on the same router interface. The IP sub-nets and IPX network that span the two protocol VLANs will be determined by the NetIron router configuration.
  • Page 254 To configure the Layer 3 VLANs on the FESX Layer 2 Switches in Figure 11.12, use the following procedure.
    Configuring FESX-A
    Enter the following commands to configure FESX-A:
    Create port-based VLAN 2 and assign the untagged and tagged ports that will participate in this VLAN:
    FESX424 Switch-A >en...
  • Page 255 FESX424 Switch-A(config-vlan-other-proto)# no dynamic
    FESX424 Switch-A(config-vlan-other-proto)# exclude e1 to 8
    FESX424 Switch-A(config-vlan-other-proto)#
    Create port-based VLAN 3. Note that FESX-B will be the root for this STP domain, so you do not need to adjust the STP priority.
    FESX424 Switch-A(config-vlan-other-proto)# vlan 3 name IP-Sub_IPX-Net_Vlans...
  • Page 256: Configuring An IPv6 Protocol VLAN

    FESX424 Switch-B(config-vlan-other-proto)# vlan 3 name IP-Sub_IPX-Net_VLANs
    FESX424 Switch-B(config-vlan-3)# untag e9 to 16
    FESX424 Switch-B(config-vlan-3)# tag e25 to 26
    FESX424 Switch-B(config-vlan-3)# spanning-tree
    FESX424 Switch-B(config-vlan-3)# spanning-tree priority 500
    FESX424 Switch-B(config-vlan-3)# ip-sub 1.1.1.0/24 name Green...
  • Page 257 VLAN or within each Layer 3 protocol, IP sub-net, or IPX network VLAN. This combination of multiple Layer 2 and/or Layer 3 broadcast domains and virtual routing interfaces is the basis for Foundry Networks’ very powerful Integrated Switch Routing (ISR) technology. ISR is very flexible and can solve many networking problems. The following example is meant to provide ideas by demonstrating some of the concepts of ISR.
  • Page 258 One way is to create a unique IP sub-net and IPX network VLAN, each with its own virtual routing interface and unique IP or IPX address within VLAN 2 on each FESX. In this example, this is the configuration used for VLAN 3.
  • Page 259 IPX router services from an external FESX. In this example, FESX-A will provide the routing services for VLAN 4. You also want to configure the STP priority for VLAN 4 to make FESX-A the root bridge for this VLAN.
  • Page 260 FESX424 Router-A(config-vif-7)# ip ospf area 0.0.0.0
    FESX424 Router-A(config-vif-7)# ipx network 5 ethernet_802.3
    FESX424 Router-A(config-vif-7)#
    This completes the configuration for FESX-A. The configuration for FESX-B and C is very similar except for a few issues.
    • IP sub-nets and IPX networks configured on FESX-B and FESX-C must be unique across the entire network, except for the backbone port-based VLANs 5, 6, and 7 where the sub-net is the same but the IP address must change.
  • Page 261 FESX424 Router-B(config-vif-6)# ip ospf area 0.0.0.0
    FESX424 Router-B(config-vif-6)# ipx network 8 ethernet_802.3
    FESX424 Router-B(config-vif-6)#
    Configuration for FESX-C
    Enter the following commands to configure FESX-C.
    FESX424 Router> en
    No password has been assigned yet...
    FESX424 Router# config t
    FESX424 Router(config)# hostname FESX-C
    FESX424 Router-C(config)# router ospf
    FESX424 Router-C(config-ospf-router)# area 0.0.0.0 normal...
  • Page 262 FESX424 Router-C(config-vlan-2)# untag e 1 to 4
    FESX424 Router-C(config-vlan-2)# no spanning-tree
    FESX424 Router-C(config-vlan-2)# router-interface ve1
    FESX424 Router-C(config-vlan-2)# other-proto name block-other-protocols
    FESX424 Router-C(config-vlan-other-proto)# no dynamic
    FESX424 Router-C(config-vlan-other-proto)# exclude e 1 to 4
    FESX424 Router-C(config-vlan-other-proto)# int ve1
    FESX424 Router-C(config-vif-1)# ip addr 1.1.9.1/24...
  • Page 263: Configuring Protocol Vlans With Dynamic Ports

    FastIron SuperX Router(config)# vlan 10 by port
    FastIron SuperX Router(config-vlan-10)# untag ethernet 1/1 to 1/6
    added untagged port ethe 1/1 to 1/6 to port-vlan 30.
    FastIron SuperX Router(config-vlan-10)# ip-proto name IP_Prot_VLAN
    FastIron SuperX Router(config-vlan-10)# dynamic
  • Page 264: Configuring An IP Sub-Net VLAN With Dynamic Ports

    FastIron SuperX Router(config)# write memory
    Syntax: vlan <vlan-id> by port [name <string>]
    Syntax: untagged ethernet [<slotnum>/]<portnum> to [<slotnum>/]<portnum>
    Syntax: untagged ethernet [<slotnum>/]<portnum> ethernet [<slotnum>/]<portnum>
    NOTE: Use the first untagged command for adding a range of ports. Use the second command for adding separate ports (not in a range).
  • Page 265: Configuring Uplink Ports Within A Port-Based VLAN

    The IP address on each of the virtual routing interfaces must be in a separate sub-net. The Foundry device routes Layer 3 traffic between the sub-nets using the sub-net addresses.
    NOTE: This feature applies only to Layer 3 Switches.
  • Page 266 NOTE: Before using the method described in this section, see “Configuring VLAN Groups and Virtual Routing Interface Groups” on page 11-40. You might be able to achieve the results you want using the methods in that section instead.
  • Page 267 When the host that sent the ARP then sends a unicast packet addressed to the virtual routing interface’s MAC address, the device switches the packet on Layer 3 to the destination host on the VLAN.
  • Page 268 NOTE: If the Foundry device’s ARP table does not contain the requested host, the Foundry device forwards the ARP request on Layer 2 to the same VLAN as the one that received the ARP request. Then the device sends an ARP for the destination to the other VLANs that are using the same IP sub-net address.
  • Page 269: Using Separate ACLs On IP Follower Virtual Routing Interfaces

    FastIron SuperX Router(config)# interface ve 3
    FastIron SuperX Router(config-ve-3)# ip follow ve 1
    FastIron SuperX Router(config-ve-3)# no ip follow acl
    FastIron SuperX Router(config-ve-3)# ip access-group 3 out
    FastIron SuperX Router(config-ve-3)# exit
  • Page 270: Configuring VLAN Groups And Virtual Routing Interface Groups

    Configuring VLAN Groups and Virtual Routing Interface Groups
    To simplify configuration when you have many VLANs with the same configuration, you can configure VLAN groups and virtual routing interface groups.
    NOTE: VLAN groups are supported on Layer 3 Switches and Layer 2 Switches. Virtual routing interface groups are supported only on Layer 3 Switches.
  • Page 271: Configuring A Virtual Routing Interface Group

    These commands enable VLAN group 1 to have a group virtual routing interface, then configure virtual routing interface group 1. The software always associates a virtual routing interface group only with the VLAN group that
  • Page 272 has the same ID. In this example, the VLAN group ID is 1, so the corresponding virtual routing interface group also must have ID 1.
    Syntax: group-router-interface
    Syntax: interface group-ve <num>...
  • Page 273: Configuring Super Aggregated VLANs

    Conceptually, the paths and channels are similar to Asynchronous Transfer Mode (ATM) paths and channels. A path contains multiple channels, each of which is a dedicated circuit between two end points. The two devices at
  • Page 274 the end points of the channel appear to each other to be directly attached. The network that connects them is transparent to the two devices. You can aggregate up to 4094 VLANs within another VLAN. This provides a total VLAN capacity on one Foundry device of 16,760,836 channels (4094 * 4094).
  • Page 275: Configuring Aggregated VLANs

    Add the port connected to the client as an untagged port.
    • Add the port connected to the core device (the device that will aggregate the VLANs) as a tagged port.
  • Page 276 This port must be tagged because all the client VLANs share the port as an uplink to the core device.
    • On each core device:
    • Enable VLAN aggregation. This support allows the core device to add an additional tag to each Ethernet frame that contains a VLAN packet from the edge device.
  • Page 277: Verifying The Configuration

    FastIron SuperX RouterA(config-vlan-104)# exit
    FastIron SuperX RouterA(config)# vlan 105 by port
    FastIron SuperX RouterA(config-vlan-105)# tagged ethernet 2/1
    FastIron SuperX RouterA(config-vlan-105)# untagged ethernet 1/5
    FastIron SuperX RouterA(config-vlan-105)# exit
    FastIron SuperX RouterA(config)# write memory
  • Page 278 Commands for Device B
    The commands for configuring device B are identical to the commands for configuring device A. Notice that you can use the same channel VLAN numbers on each device. The devices that aggregate the VLANs into a path can distinguish between the identically named channel VLANs based on the ID of the path VLAN.
  • Page 279 802.1Q tagging is an IEEE standard that enables a networking device to add information to a Layer 2 packet in order to identify the VLAN membership of the packet. Foundry devices tag a packet by adding a four-byte tag to
  • Page 280 VLAN from which the packet was sent. The tag and VLAN ID keep traffic from each VLAN segregated and private.
    • FESX releases prior to 01.1.00 enable you to configure a single 802.1Q tag type on all ports on the device. The default 802.1Q tag on a Foundry device is 8100 (hexadecimal), compliant with the 802.1Q specification.
  • Page 281: Configuration Rules

    • If you do not specify a port or range of ports, the 802.1Q tag applies to all Ethernet ports on the device.
  • Page 282: Example Configuration

    Example Configuration
    Figure 11.20 shows an example 802.1Q-in-Q configuration.
    Figure 11.20 Example 802.1Q-in-Q Configuration
  • Page 283 Each private VLAN must have a primary VLAN. The primary VLAN is the interface between the secured ports and the rest of the network. The private VLAN can have any combination of community and isolated VLANs.
  • Page 284: Implementation Notes

    Table 11.3 lists the differences between private VLANs and standard VLANs.
    Table 11.3: Comparison of Private VLANs and Standard Port-Based VLANs
    Forwarding Behavior | Private VLANs | Standard VLANs
    All ports within a VLAN constitute...
  • Page 285 To configure the ports in the primary VLAN to forward broadcast or unknown unicast traffic received from sources outside the private VLAN, enter the following commands at the global CONFIG level of the CLI:
  • Page 286: CLI Example For Figure 11.21

    FastIron SuperX Router(config)# pvlan-preference broadcast flood
    FastIron SuperX Router(config)# pvlan-preference unknown-unicast flood
    These commands enable forwarding of broadcast and unknown-unicast packets to ports within the private VLAN. To again disable forwarding, enter a command such as the following:
    FastIron SuperX Router(config)# no pvlan-preference broadcast flood
    This command disables forwarding of broadcast packets within the private VLAN.
  • Page 287 10. This means that the port transmits tagged traffic on VLAN 20 (and all other VLANs to which the port belongs) and transmits untagged traffic on VLAN 10.
  • Page 288 The dual-mode feature allows tagged traffic for VLAN 20 and untagged traffic for VLAN 10 to go through port 2/11 at the same time. A dual-mode port transmits only untagged traffic on its default VLAN (that is, either VLAN 1, or a user-specified VLAN ID), and only tagged traffic on all other VLANs.
  • Page 289: Displaying VLAN Information

    The <vlan-id> parameter specifies a VLAN for which you want to display the configuration information. The <slotnum> parameter is required on chassis devices. The <portnum> parameter specifies a port. If you use this parameter, the command lists all the VLAN memberships for the port.
  • Page 290: Displaying VLAN Information For Specific Ports

    Displaying VLAN Information for Specific Ports
    Use one of the following methods to display VLAN information for specific ports. To display VLAN information for all the VLANs of which port 7/1 is a member, enter the following command:...
  • Page 291: Rule-Based IP Access Control Lists (ACLs)

    CPU for processing. Rule-based ACLs are supported on physical interfaces, trunk groups, and virtual routing interfaces. NOTE: The FESX, FSX, and FWSX devices support hardware-based ACLs only. These devices do not support flow-based ACLs. In contrast, FES devices support flow-based ACLs only.
  • Page 292: Acl Overview

    ACLs cannot exceed the system maximum. • One-Gigabit ports on the FESX support up to 1016 ACL rules. On the FSX, multiple ACL groups share 1016 ACL rules per port region. Each ACL group must contain one entry for the implicit deny all IP traffic clause.
  • Page 293: Numbered And Named Acls

    ACL entries to the packet and permits or denies the packet according to the first matching ACL. • For other fragments of the same packet, they are subject to a rule only if there is no Layer 4 information in the rule or in any preceding rules.
  • Page 294: Hardware Aging Of Layer 4 Cam Entries

    One-Gigabit ports on all FESX and FWSX devices support up to 1016 ACL rules. 10-Gigabit ports on all FESX and FWSX devices support up to 1024 ACL rules. ACLs on the FSX are affected by port regions. Multiple ACL groups share 1016 ACL rules per port region. Each ACL group must contain one entry for the implicit deny all IP traffic clause.
  • Page 295: Standard Numbered Acl Syntax

    The in parameter applies the ACL to incoming traffic on the interface to which you apply the ACL. You can apply the ACL to an Ethernet port or virtual interface.
  • Page 296: Configuration Example For Standard Numbered Acls

    NOTE: If the ACL is for a virtual routing interface, you also can specify a subset of ports within the VLAN containing that interface when assigning an ACL to the interface.
  • Page 297 NOTE: If the ACL is bound to a virtual routing interface, you also can specify a subset of ports within the VLAN containing that interface when assigning an ACL to the interface.
  • Page 298: Configuration Example For Standard Named Acls

    To configure a standard named ACL, enter commands such as the following. FESX424 Router(config)# ip access-list standard Net1 FESX424 Router(config-std-nacl)# deny host 209.157.22.26 log FESX424 Router(config-std-nacl)# deny 209.157.29.12 log...
  • Page 299 The <icmp-num> parameter can be a value from 0 – 255. The <icmp-type> parameter can have one of the following values, depending on the software version the device is running: • any-icmp-type • echo • echo-reply • information-request • • mask-reply...
  • Page 300 • mask-request • parameter-problem • redirect • source-quench • time-exceeded • timestamp-reply • timestamp-request • traffic policy • unreachable • <num> The <tcp/udp comparison operator> parameter specifies a comparison operator for the TCP or UDP port number.
  • Page 301 To do so, re-enter the ACL or filter command and add the log parameter to the end of the ACL or filter. The software replaces the ACL or filter command with the new one. The new ACL or filter, with logging enabled, takes effect immediately.
  • Page 302: Configuration Examples For Extended Numbered Acls

    The traffic-policy option enables the device to rate limit inbound traffic and to count the packets and bytes per packet to which ACL permit or deny clauses are applied. For configuration procedures and examples, see the chapter “Traffic Policies”...
  • Page 303: Configuring Extended Named Acls

    The IP protocol can be one of the following well-known names or any IP protocol number from 0 – 255: • Internet Control Message Protocol (ICMP) • Internet Group Management Protocol (IGMP)...
  • Page 304 • Internet Gateway Routing Protocol (IGRP) • Internet Protocol (IP) • Open Shortest Path First (OSPF) • Transmission Control Protocol (TCP) • User Datagram Protocol (UDP) For TCP and UDP, you also can specify a comparison operator and port name or number. For example, you can configure a policy to block web access to a specific website by denying all TCP port 80 (HTTP) packets from a specified source IP address to the website’s IP address.
  • Page 305: Extended Named Acl Syntax

    The <icmp-num> parameter can be a value from 0 – 255. The <icmp-type> parameter can have one of the following values, depending on the software version the device is running: • any-icmp-type...
  • Page 306 • echo • echo-reply • information-request • • mask-reply • mask-request • parameter-problem • redirect • source-quench • time-exceeded • timestamp-reply • timestamp-request • traffic policy • unreachable • <num> The <tcp/udp comparison operator> parameter specifies a comparison operator for the TCP or UDP port number.
  • Page 307 0 – 63 DSCP values, and distributes them among eight traffic classes (internal priorities) and eight 802.1p priorities. NOTE: The dscp-cos-mapping option overrides port-based priority settings.
  • Page 308: Configuration Example For Extended Named Acls

    The dscp-marking option enables you to configure an ACL that marks matching packets with a specified DSCP value. Enter a value from 0 – 63. See “Using an IP ACL to Mark DSCP Values (DSCP Marking)” on page 12-23.
  • Page 309 0.0.0.40 255.255.255.0 0.0.0.2 255.255.255.0 (Flows: N/A, Packets: N/A) ACL Comments: The following line permits UDP packets permit udp 0.0.0.52 255.255.255.0 0.0.0.2 255.255.255.0 (Flows: N/A, Packets: N/A) deny ip any any (Flows: N/A, Packets: N/A)
  • Page 310: Ve Port Membership

    The next example shows the comment text for a named ACL in a show access-list display: FESX424 Router# show access-list TCP/UDP IP access list rate-limit 100 aaaa.bbbb.cccc Extended IP access list TCP/UDP (Total flows: N/A, Total packets: N/A)
  • Page 311 To apply an ACL to a subset of ports within a virtual interface, enter commands such as the following: FastIron SuperX Router(config)# vlan 10 name IP-subnet-vlan FastIron SuperX Router(config-vlan-10)# untag ethernet 1/1 to 2/12
  • Page 312: Filtering On Ip Precedence And Tos Values

    Syntax: [no] ip access-group <ACL ID> in ethernet <slotnum>/<portnum> [to <slotnum>/<portnum>] The <ACL ID> parameter is the access list name or number. The <slotnum> parameter applies on chassis devices only. It does not apply on FESX devices. Filtering on IP Precedence and ToS Values To configure an extended IP ACL that matches based on IP precedence, enter commands such as the following: FESX424 Router(config)# access-list 103 deny tcp 209.157.21.0/24 209.157.22.0/24...
  • Page 313: Qos Options For Ip Acls

    Using an ACL to Map the DSCP Value (DSCP CoS Mapping) The dscp-cos-mapping option on the FESX and FSX maps the DSCP value in incoming packets to a hardware table that provides mapping of each of the 0 – 63 DSCP values, and distributes them among eight traffic classes (internal priorities) and eight 802.1p priorities.
  • Page 314: Dscp Matching

    The dscp-marking <dscp-value> parameter maps a DSCP value to an internal forwarding priority. The DSCP value can be from 0 – 63. Using an ACL to Change the Forwarding Queue The 802.1p-priority-marking <0 – 7> parameter re-marks the packets of the 802.1Q traffic that match the ACL with this new 802.1p priority, or marks the packets of the non-802.1Q traffic that match the ACL with this 802.1p...
  • Page 315: Acl Counting

    ACL, then reapply the ACL. If you are using another feature that requires ACLs, either use the same ACL entries for filtering and for the other feature, or change to flow-based ACLs.
  • Page 317: Classification

    Traffic can be dropped, prioritized for guaranteed delivery, or subject to limited delivery options as configured by a number of different mechanisms. This chapter describes how QoS is implemented and configured in the FESX, FSX, and FWSX devices. This chapter contains the topics listed in Table 13.1.
  • Page 318: Processing Of Classified Traffic

    Once a packet or traffic flow is classified, it is mapped to a forwarding priority queue. Packets on the FESX, FSX, and FWSX are classified in up to eight traffic classes with values between 0 and 7. Packets with higher priority classifications are given a precedence for forwarding.
  • Page 319 [Flowchart, continued] Does the MAC address match a static MAC entry? If so, trust the priority of the static entry. Does the port have a default priority? If so, trust the port’s default priority. Otherwise, use the default priority of 0.
  • Page 320 As shown in the figure, the first criterion considered is whether the packet matches on an ACL that defines a priority. If this is not the case and the packet is tagged, the packet is classified with the 802.1p CoS value. If neither of these is true, the packet is next classified based on the static MAC address, ingress port default priority, or the default priority of zero (0).
  • Page 321 802.1p (COS) Value DSCP value Internal Forwarding Priority Forwarding Queue Table 13.4: Default QoS Mappings, Columns 32 to 47 DSCP value 802.1p (COS) Value DSCP value Internal Forwarding Priority Forwarding Queue
  • Page 322: Qos Queues

    Table 13.5: Default QoS Mappings, Columns 48 to 63 DSCP value 802.1p (COS) Value DSCP value Internal Forwarding Priority Forwarding Queue Mapping between DSCP value and Forwarding Queue cannot be changed. However, mapping between DSCP values and the other properties can be changed as follows: •...
  • Page 323: Assigning Qos Priorities To Traffic

    When you apply a QoS priority to one of the items listed above, you specify a number from 0 – 7. The priority number specifies the IEEE 802.1 equivalent to one of the eight QoS queues on FESX, FSX, and FWSX devices.
  • Page 324: Marking

    Using ACLs to Honor DSCP-based QoS FESX, FSX, and FWSX devices require the use of an ACL to honor DSCP-based QoS for routed traffic in the Layer 3 image, or for switched traffic in the Layer 2 image. To enable DSCP-based QoS on these devices, apply...
  • Page 325 Table 13.8 lists the default mappings of internal forwarding priority values to the hardware forwarding queues. Table 13.8: Default Mappings of Internal Forwarding Priority Values. Columns: Internal Forwarding Priority, Forwarding Queues. Rows: 0 (lowest priority queue): qosp0; qosp1; qosp2; qosp3; qosp4; qosp5; qosp6; 7 (highest priority queue): qosp7.
  • Page 326 You can change the DSCP -> internal forwarding mappings. You also can change the internal forwarding priority -> hardware forwarding queue mappings. Changing the DSCP –> Internal Forwarding Priority Mappings To change the DSCP –> internal forwarding priority mappings for all the DSCP ranges, enter commands such as...
  • Page 327: Scheduling

    Weighted Round Robin (WRR) – WRR ensures that all queues are serviced during each cycle. A weighted fair queuing algorithm is used to rotate service among the eight queues on FESX, FSX, and FWSX devices. The rotation is based on the weights you assign to each queue. This method rotates service among the queues, forwarding a specific number of packets in one queue before moving on to the next one.
  • Page 328: Selecting The Qos Queuing Method

    The minimum percentage of a port’s outbound bandwidth guaranteed to the queue Renaming the Queues The default queue names on FESX, FSX, and FWSX devices are qosp7, qosp6, qosp5, qosp4, qosp3, qosp2, qosp1, and qosp0. You can change one or more of the names if desired.
  • Page 329 NOTE: Queue cycles on the FESX, FSX, and FWSX are based on bytes. These devices service a given number of bytes (based on the weight) in each queue cycle. FES and BI/FI queue cycles are based on packets.
  • Page 330 The <percentage> parameter specifies a number for the percentage of the device’s outbound bandwidth that is allocated to the queue. The FESX, FSX, and FWSX QoS queues require a minimum bandwidth percentage of 3% for each priority. When jumbo frames are enabled, the minimum bandwidth requirement is 8%. If these minimum values are not met, QoS may not be accurate.
  • Page 331: Viewing Qos Settings

    To display the QoS settings for all the queues, enter the show qos-profiles command, as shown in the following examples. The following shows an example display output on a FESX. FESX424 Switch(config)# show qos-profiles all bandwidth scheduling mechanism: weighted priority...
  • Page 332 Viewing DSCP-based QoS Settings To display configuration information for DSCP-based QoS, enter the following command at any level of the CLI: FastIron SuperX Switch(config)#show qos-tos DSCP-->Traffic-Class map: (DSCP = d1d2: 00, 01...63) -----+---------------------------------------- Traffic-Class-->802.1p-Priority map (use to derive DSCP--802.1p-Priority):...
  • Page 333 The traffic class to 802.1p Priority mappings that are currently in effect. Note: The example above shows the default mappings. If you change the mappings, the command displays the changed mappings.
  • Page 334 Foundry Configuration Guide for the FESX, FSX, and FWSX 13 - 18 © Foundry Networks, Inc. December 22, 2005...
  • Page 335: Overview

    Addressable Memory (CAM) for the rate limiting policies. The CAM entries enable the device to perform the rate limiting in hardware instead of sending the traffic to the CPU. The device sends the first packet in a given traffic...
  • Page 336: Configuration Notes

    flow to the CPU, which creates a CAM entry for the traffic flow. A CAM entry consists of the source and destination addresses of the traffic. The device uses the CAM entry for rate limiting all the traffic within the same flow.
  • Page 337: Optimizing Rate Limiting

    Syntax: [no] rate-limit input fixed <average-rate> The <average-rate> parameter specifies the maximum number of bits per second (bps) the port can receive. The minimum rate that can be configured on FESX, FSX, and FWSX devices is 64,000 bps. Configuring an ACL-Based Rate Limiting Policy Software releases 02.3.03 and later provide support for IP ACL-based rate limiting of inbound traffic.
  • Page 338: Displaying The Fixed Rate Limiting Configuration

    The <average-rate> parameter specifies the maximum number of bits per second (bps) the port can receive. The minimum rate that can be configured on FESX, FSX, and FWSX devices is 64,000 bps. By default, rate limiting is optimized for packets that are 256 bytes in size.
  • Page 339: Chapter 15 Traffic Policies

    Count the packets and bytes per packet to which ACL permit or deny clauses are applied This chapter describes how traffic policies are implemented and configured in the FESX, FSX, and FWSX devices. This chapter contains the topics listed in Table 15.1.
  • Page 340: Configuration Notes And Feature Limitations

    are configuring. The total number of active TPDs cannot exceed the system maximum. See “Maximum Number of Traffic Policies Supported on a Device” on page 15-3. When you apply a traffic policy to an interface, you do so by adding a reference to the traffic policy in an ACL entry, instead of applying the individual traffic policy to the interface.
  • Page 341: Maximum Number Of Traffic Policies Supported On A Device

    (New in 02.3.03 – see “Applying an ACL to a Subset of Ports on a Virtual Interface (Layer 3 Devices Only)” on page 12-21.)
  • Page 342: Support For Fixed Rate Limiting And Adaptive Rate Limiting

    X-Series devices support the following types of ACL-based rate limiting: • Fixed Rate Limiting – Enforces a strict bandwidth limit. The device forwards traffic that is within the limit but either drops all traffic that exceeds the limit, or forwards all traffic that exceeds the limit at the lowest priority level, according to the action specified in the traffic policy.
  • Page 343: Configuring Acl-Based Adaptive Rate Limiting

    4000 bytes above the PIR limit. If the port receives additional bits during a given one-second interval, the port drops all packets on the port until the next one-second interval starts.
  • Page 344: Specifying The Action To Be Taken For Packets That Are Over The Limit

    Syntax: [no] traffic-policy <TPD name> rate-limit adaptive cir <cir value> cbs <cbs value> pir <pir value> pbs <pbs value> exceed-action <action> [count] Syntax: access-list <num> permit | deny..traffic policy <TPD name>...
  • Page 345: Acl And Rate Limit Counting

    This section provides the following procedures for ACL counting and rate limit counting: • “Enabling ACL Counting” on page 15-8 • “Viewing ACL And Rate Limit Counters” on page 15-9 • “Clearing ACL and Rate Limit Counters” on page 15-10
  • Page 346: Enabling Acl Counting

    Use the procedures in this section to configure ACL counting. Before configuring this feature, see what to consider in “Configuration Notes and Feature Limitations” on page 15-2. To enable ACL counting on an X-Series device, first create a traffic policy, then reference the traffic policy in an extended ACL entry.
  • Page 347: Viewing Acl And Rate Limit Counters

    The name of the traffic policy. General Counters: Port Region # The port region to which the active traffic policy applies. Byte Count The number of bytes that were filtered (matched ACL clauses).
  • Page 348: Clearing Acl And Rate Limit Counters

    Table 2: ACL and Rate Limit Counting Statistics This Line... Displays... Packet Count The number of packets that were filtered (matched ACL clauses). Rate Limiting Counters: Port Region# The port region to which the active traffic policy applies.
  • Page 349 Disabled – The traffic policy does not include an ACL traffic counting configuration. Number of References/ The number of times this traffic policy is referenced in an Bindings ACL statement and the number of active bindings for this traffic policy.
  • Page 351: Chapter 16 Configuring Ip

    • “Configuring RIP” on page 17-1 • “Configuring OSPF” on page 20-1 • “Configuring BGP4” on page 21-1
  • Page 352: Overview

    Foundry Networks Layer 2 Switches and Layer 3 Switches support Internet Protocol (IP) version 4. IP support on Foundry Layer 2 Switches consists of basic services to support management access and access to a default gateway. IP support on Foundry Layer 3 Switches includes all of the following, in addition to a highly configurable...
  • Page 353: Ip Packet Flow Through A Layer 3 Switch

    [Figure: IP packet flow through a Layer 3 Switch. Surviving labels: Load Balancing Algorithm, Mult. Equal-cost Paths, Lowest Metric, IP acc policy, Session Table, Fwding Cache, Lowest Admin. Distance, IP Route Table, OSPF, BGP4, Incoming Port, Outgoing Port, ARP Cache, Static ARP Table]
  • Page 354 Figure 16.1 shows the following packet flow: When the Layer 3 Switch receives an IP packet, the Layer 3 Switch checks for filters on the receiving interface. If a deny filter on the interface denies the packet, the Layer 3 Switch discards the packet and performs no further processing, except generating a Syslog entry and SNMP message, if logging is enabled for the filter.
  • Page 355 A route learned through BGP4 The IP route table contains the best path to a destination. • When the software receives paths from more than one of the sources listed above, the software compares the...
  • Page 356 administrative distance of each path and selects the path with the lowest administrative distance. The administrative distance is a protocol-independent value from 1 – 255. • When the software receives two or more best paths from the same source and the paths have the same metric (cost), the software can load share traffic among the paths based on destination host or network address (based on the configuration and the Layer 3 Switch model).
  • Page 357: Ip Route Exchange Protocols

    For configuration information, see “Configuring IP Multicast Protocols” on page 19-1. NOTE: Foundry Layer 2 Switches support IGMP and can forward IP multicast packets. See the chapter “Configuring IP Multicast Traffic Reduction”.
  • Page 358: Ip Interface Redundancy Protocols

    You can configure a Foundry Layer 3 Switch to back up an IP interface configured on another Foundry Layer 3 Switch. If the link for the backed up interface becomes unavailable, the other Layer 3 Switch can continue service for the interface.
  • Page 359: When Parameter Changes Take Effect

    • Class-based format; example: 192.168.1.1 255.255.255.0 • Classless Interdomain Routing (CIDR) format; example: 192.168.1.1/24 ... display of IP addresses, but you can enter addresses in either format regardless of the display setting.
  • Page 360 Table 16.2: IP Global Parameters – Layer 3 Switches (Continued) Parameter Description Default See page... Router ID The value that routers use to identify themselves to The IP address 16-23 other routers when exchanging route information.
  • Page 361 No entries 16-46 entries requests from hosts. Note: You must enter the RARP entries manually. The Layer 3 Switch does not have a mechanism for learning or dynamically generating RARP entries.
  • Page 362 Table 16.2: IP Global Parameters – Layer 3 Switches (Continued) Parameter Description Default See page... Maximum The maximum number of hops away a BootP server Four 16-50 BootP relay can be located from a router and still be used by the hops router’s clients for network booting.
  • Page 363: Ip Interface Parameters - Layer 3 Switches

    BootP requests (bootpc) must be enabled and you must configure an IP helper address (the server’s IP address or a directed broadcast to the server’s sub-net) on the port connected to the client.
  • Page 364 Table 16.3: IP Interface Parameters – Layer 3 Switches (Continued) Parameter Description Default See page... UDP broadcast The router can forward UDP broadcast packets for The router helps 16-48 forwarding UDP applications such as BootP. By forwarding the...
  • Page 365: Basic Ip Parameters And Defaults - Layer 2 Switches

    ARP entry is refreshed and removes the entry if the timer reaches the ARP age. ... change the ARP age on Layer 2 Switches.
  • Page 366 Table 16.4: IP Global Parameters – Layer 2 Switches (Continued) Parameter Description Default See page... Time to Live The maximum number of routers (hops) through 64 hops 16-53 (TTL) which a packet can pass before being discarded.
  • Page 367: Interface Ip Parameters - Layer 2 Switches

    See “Changing the Network Mask Display to Prefix Format” on page 16-57. Assigning an IP Address to an Ethernet Port To assign an IP address to port 1/1, enter the following commands: FastIron SuperX Router(config)# interface ethernet 1/1
  • Page 368 FastIron SuperX Router(config-if-1/1)# ip address 192.45.6.1 255.255.255.0 NOTE: You also can enter the IP address and mask in CIDR format, as follows: FastIron SuperX Router(config-if-1/1)# ip address 192.45.6.1/24 Syntax: [no] ip address <ip-addr> <ip-mask> [ospf-ignore | ospf-passive | secondary] Syntax: [no] ip address <ip-addr>/<mask-bits>...
  • Page 369: Configuring Domain Name Server (Dns) Resolver

    FESX424 Router# ping nyc01 FESX424 Router# ping nyc01.newyork.com 1. Foundry’s feature that allows routing between VLANs within the same device, without the need for external routers, is called Integrated Switch Routing (ISR).
  • Page 370: Configuring Packet Parameters

    Defining a DNS Entry You can define up to four DNS servers for each DNS entry. The first entry serves as the primary default address. If a query to the primary address fails to be resolved after three attempts, the next gateway address is queried (also up to three times).
  • Page 371 Leave the MTU size on the other ports at the default value (1500 bytes). Globally increase the MTU size only if needed. • Use the same MTU size on all ports that will be supporting jumbo frames. If the device needs to fragment a...
  • Page 372 jumbo frame (and the frame does not have the DF bit set), the device fragments the frame into 1500-byte fragments, even if the outbound port has a larger MTU. For example, if a port has an MTU setting of 8000 and receives an 8000-byte frame, then must forward the frame onto a port with an MTU of 4000, the device does not fragment the 8000-byte frame into two 4000-byte frames.
  • Page 373: Changing The Router Id

    The <ip-addr> can be any valid, unique IP address. NOTE: You can specify an IP address used for an interface on the Foundry Layer 3 Switch, but do not specify an IP address in use by another device.
  • Page 374: Specifying A Single Source Interface For Telnet, Tacacs/Tacacs+, Or Radius Packets

    When the Layer 3 Switch originates a Telnet, TACACS/TACACS+, or RADIUS packet, the source address of the packet is the lowest-numbered IP address on the interface that sends the packet. You can configure the Layer 3 Switch to always use the lowest-numbered IP address on a specific interface as the source address for these types of packets.
  • Page 375: Configuring Arp Parameters

    In each case, the Layer 3 Switch must encapsulate the packet and address it to the MAC address of a locally attached device, the next-hop router toward the IP packet’s destination.
  • Page 376 To obtain the MAC address required for forwarding a datagram, the Layer 3 Switch does the following: • First, the Layer 3 Switch looks in the ARP cache (not the static ARP table) for an entry that lists the MAC address for the IP address.
  • Page 377 ARP requests for subnets it can reach. However, router ports will not respond to ARP requests for IP addresses in the same subnet as the incoming ports. Software release 02.3.03 resolves this issue with the...
  • Page 378 introduction of Local Proxy ARP per IP interface. Local Proxy ARP enables router ports to reply to ARP requests for IP addresses within the same subnet and to forward all traffic between hosts in the subnet.
  • Page 379: Configuring Forwarding Parameters

    A directed broadcast is an IP broadcast to all devices within a single directly-attached network or sub-net. A net-directed broadcast goes to all devices on a given network. A sub-net-directed broadcast goes to all devices within a given sub-net.
  • Page 380 NOTE: A less common type, the all-sub-nets broadcast, goes to all directly-attached sub-nets. Forwarding for this broadcast type also is supported, but most networks use IP multicasting instead of all-sub-net broadcasting.
  • Page 381: Disabling Icmp Messages

    Protocol – The TCP or UDP protocol on the destination host is not running. This message is different from the Port Unreachable message, which indicates that the protocol is running on the host but the requested protocol port is unavailable.
  • Page 382: Configuring Static Routes

    • Source-route-failure – The device received a source-routed packet but cannot locate the next-hop IP address indicated in the packet’s Source-Route option. You can disable the Foundry device from sending these types of ICMP messages on an individual basis. To do so, use the following CLI method.
  • Page 383 “Configuring Load Balancing and Redundancy Using Multiple Static Routes to the Same Destination” on page 16-36 • “Configuring Standard Static IP Routes and Interface or Null Static Routes to the Same Destination” on page 16-37
  • Page 384 Static Route States Follow Port States IP static routes remain in the IP route table only so long as the port or virtual interface used by the route is available. If the port or virtual routing interface becomes unavailable, the software removes the static route from the IP route table.
  • Page 385 To display the maximum value for your device, enter the show default values command. The maximum number of static IP routes the system can hold is listed in the ip-static-route row in the System Parameters section of the...
  • Page 386 display. To change the maximum value, use the system-max ip-static-route <num> command at the global CONFIG level. The <ip-addr> parameter specifies the network or host address. The Layer 3 Switch will drop packets that contain this address in the destination field instead of forwarding them.
  • Page 387 In this example, the Layer 3 Switch always uses the standard static route for traffic to destination network 192.168.7.0/24, unless that route becomes unavailable, in which case the Layer 3 Switch sends traffic to the null route instead.
  • Page 388 Figure 16.3 Standard and null static routes to the same destination network Two static routes to 192.168.7.0/24: --Standard static route through gateway 192.168.6.157, with metric 1 --Null route, with metric 2 192.168.6.188/24...
  • Page 389: Configuring A Default Network Route

    If the IP route table does not contain an explicit default route (for example, 0.0.0.0/0) or propagate an explicit default route through routing protocols, the software can use the default network route as a default route instead.
  • Page 390 When the software uses the default network route, it also uses the default network route's next hop gateway as the gateway of last resort. This feature is especially useful in environments where network topology changes can make the next hop gateway unreachable.
  • Page 391: Configuring IP Load Sharing

    IP route table. For example, if the... [Footnote 1: IP load sharing is also called “Equal-Cost Multi-Path (ECMP)” load sharing or just “ECMP”.]
  • Page 392 Layer 3 Switch has a path learned from OSPF and a path learned from RIP for a given destination, only the path with the lower administrative distance enters the IP route table.
  • Page 393 For example, if the Layer 3 Switch you are configuring for IP load sharing has six next-hop routers, set the maximum paths value to six.
  • Page 394: Configuring IRDP

    NOTE: If the setting for the maximum number of paths is lower than the actual number of equal-cost paths, the software does not use all the paths for load sharing. To change the number of IP load sharing paths, enter a command such as the following: FastIron SuperX Router(config)# ip load-sharing 6 Syntax: [no] ip load-sharing [<num>]...
  • Page 395: Configuring RARP

    RARP is enabled by default. However, you must create a RARP entry for each host that will use the Layer 3 Switch for booting. A RARP entry consists of the following information: • The entry number – the entry’s sequence number in the RARP table.
  • Page 396 • The MAC address of the boot client. • The IP address you want the Layer 3 Switch to give to the client. When a client sends a RARP broadcast requesting an IP address, the Layer 3 Switch responds to the request by looking in the RARP table for an entry that contains the client’s MAC address:...
  • Page 397: Configuring UDP Broadcast And IP Helper Parameters

    Layer 3 Switch to forward BootP/DHCP requests, see “Configuring BootP/DHCP Forwarding Parameters” on page 16-49. You can enable forwarding for other applications by specifying the application port number. You also can disable forwarding for an application.
  • Page 398 NOTE: If you disable forwarding for a UDP application, forwarding of client requests received as broadcasts to helper addresses is disabled. Disabling forwarding of an application does not disable other support for the application.
  • Page 399: Configuring BootP/DHCP Forwarding Parameters

    BootP/DHCP request if its hop count is four or less, but discards the request if the hop count is greater than four. You can change the maximum number of hops the Layer 3 Switch will allow to a value from 1 – 15.
  • Page 400 NOTE: The BootP/DHCP hop count is not the TTL parameter. Configuring an IP Helper Address The procedure for configuring a helper address for BootP/DHCP requests is the same as the procedure for configuring a helper address for other types of UDP broadcasts.
  • Page 401: Configuring IP Parameters - Layer 2 Switches

    For example, you could enter either of the following commands to initiate the ping: FESX424 Switch# ping nyc01 FESX424 Switch# ping nyc01.newyork.com
  • Page 402 Defining a DNS Entry You can define up to four DNS servers for each DNS entry. The first entry serves as the primary default address. If a query to the primary address fails to be resolved after three attempts, the next gateway address is queried (also up to three times).
  • Page 403: Changing The TTL Threshold

    By allowing multiple sub-net DHCP requests to be sent on the same wire, you can reduce the number of router ports required to support secondary addressing as well as reduce the number of DHCP servers required, by allowing a server to manage multiple sub-net address assignments.
  • Page 404 Figure 16.6 DHCP requests in a network without DHCP Assist on the Layer 2 Switch. [Figure text] Step 3: DHCP Server generates IP addresses for Hosts 1, 2, 3 and 4. All IP addresses are assigned...
  • Page 405 IP sub-net (Figure 16.8). The IP address is then forwarded back to the workstation that originated the request. NOTE: The DHCP relay function of the connecting router needs to be turned on.
  • Page 406 Figure 16.8 DHCP offers are forwarded back toward the requestors. [Figure text] DHCP Server 207.95.7.6. Step 4: DHCP Server extracts the gateway address from each packet and assigns IP addresses for each...
  • Page 407: Displaying IP Configuration Information And Statistics

    PIM information – see the “Show Commands” chapter in the Foundry Switch and Router Command Line Interface Reference. • VRRP or VRRPE information – see “Displaying VRRP and VRRPE Information” on page 22-19.
  • Page 408 Displaying Global IP Configuration Information To display IP configuration information, enter the following command at any CLI level: FESX424 Router> show ip Global Settings ttl: 64, arp-age: 10, bootp-relay-max-hops: 4 router-id : 207.95.11.128...
  • Page 409 IP routes in Foundry routers is 1. To list the default administrative distances for all types of routes or to change the administrative distance of a static route, see “Changing Administrative Distances” on page 21-29. Policies...
  • Page 410 Table 16.8: CLI Display of Global IP Configuration Information – Layer 3 Switch (Continued). This Field... Displays... Index – The policy number. This is the number you assigned the policy when you configured it.
  • Page 411 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 L2VLAN 0.01 0.00 0.00 0.01 OSPF 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 VRRP 0.00 0.00 0.00 0.00
  • Page 412 To display utilization statistics for a specific number of seconds, enter a command such as the following: FESX424 Router# show process cpu 2 Statistics for last 1 sec and 80 ms...
  • Page 413 The actual interface number is appended to the interface name. For example, if the interface name is "lab" and its port number is "2", you see "lab2" displayed as in the example below:
  • Page 414 FESX424 Router># show logging Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns) Buffer logging: level ACDMEINW, 3 messages logged level code: A=alert C=critical D=debugging M=emergency E=error I=informational N=notification W=warning...
  • Page 415 The <mask> parameter lets you specify a mask for the mac-address <xxxx.xxxx.xxxx> parameter, to display entries for multiple MAC addresses. Specify the MAC address mask as “f”s and “0”s, where “f”s are significant bits.
  • Page 416 The <ip-addr> and <ip-mask> parameters let you restrict the display to entries for a specific IP address and network mask. Specify the IP address masks in standard decimal mask format (for example, 255.255.0.0).
  • Page 417 “n/a”. VLAN – Indicates the VLAN(s) the listed port is in. The QoS priority of the port or VLAN.
  • Page 418 Displaying the IP Route Table To display the IP route table, enter the following command at any CLI level: FastIron SuperX Router> show ip route Total number of IP routes: 514...
  • Page 419 The following table lists the information displayed by the show ip route command. Table 16.13: CLI Display of IP Route Table. This Field... Displays... Destination – The destination network of the route. NetMask – The network mask of the destination address.
  • Page 420 Table 16.13: CLI Display of IP Route Table (Continued). This Field... Displays... Gateway – The next-hop router. Port – The port through which this router sends packets to reach the route's destination. Cost – The route's cost.
  • Page 421 The total number of IP packets filtered by the device. fragmented – The total number of IP packets fragmented by this device to accommodate the MTU of this device or of another device.
  • Page 422 Table 16.14: CLI Display of IP Traffic Statistics – Layer 3 Switch (Continued). This Field... Displays... reassembled – The total number of fragmented IP packets that this device reassembled. bad header – The number of IP packets dropped by the device due to a bad packet header.
  • Page 423 The number of responses this device has received to requests for all or part of another RIP router’s routing table. unrecognized – This information is used by Foundry customer support.
  • Page 424: Displaying IP Information - Layer 2 Switches

    Table 16.14: CLI Display of IP Traffic Statistics – Layer 3 Switch (Continued). This Field... Displays... bad version – The number of RIP packets dropped by the device because the RIP version was either invalid or is not supported by this device.
  • Page 425 The port on which the entry was learned. The number of minutes the entry has remained unused. If this value reaches the ARP aging period, the entry is removed from the cache.
  • Page 426 Table 16.16: CLI Display of ARP Cache (Continued). This Field... Displays... VlanId – The VLAN the port that learned the entry is in. Note: If the MAC address is all zeros, this field shows a random VLAN ID, since the Layer 2 Switch does not yet know which port the device for this entry is attached to.
  • Page 427 The number of Address Mask Request messages sent or received by the device. addr mask reply – The number of Address Mask Reply messages sent or received by the device.
  • Page 428 Table 16.17: CLI Display of IP Traffic Statistics – Layer 2 Switch (Continued). This Field... Displays... irdp advertisement – The number of ICMP Router Discovery Protocol (IRDP) Advertisement messages sent or received by the device.
  • Page 429: Chapter 17 Configuring RIP

    A RIP route can have a maximum cost of 15. Any destination with a higher cost is considered unreachable. Although this limits larger networks, the low maximum hop count prevents endless loops in the network.
  • Page 430: ICMP Host Unreachable Message For Undeliverable ARPs

    Foundry Layer 3 Switches support the following RIP versions: • Version 1 • V1 compatible with V2 • Version 2 (the default) ICMP Host Unreachable Message for Undeliverable ARPs If the router receives an ARP request packet that it is unable to deliver to the final destination because of the ARP timeout and no ARP response is received (router knows of no route to the destination address), the router sends an ICMP Host Unreachable message to the source.
  • Page 431: RIP Interface Parameters

    Poison reverse – The router assigns a cost of 16 (“infinite” or “unreachable”) to a route before advertising it on the same interface as the one on which the router learned the route.
  • Page 432: Configuring RIP Parameters

    Table 17.3: RIP Interface Parameters (Continued) Parameter Description Default See page... Advertising and You can control the routes that a Layer 3 Switch The Layer 3 Switch 17-9 learning specific learns or advertises.
  • Page 433: Changing The Administrative Distance

    To change the administrative distance for RIP routes, enter a command such as the following: FastIron SuperX Router(config-rip-router)# distance 140 This command changes the administrative distance to 140 for all RIP routes. Syntax: [no] distance <num>
  • Page 434: Configuring Redistribution

    Configuring Redistribution You can configure the Layer 3 Switch to redistribute routes learned through Open Shortest Path First (OSPF) or Border Gateway Protocol version 4 (BGP4) into RIP. When you redistribute a route from one of these other protocols into RIP, the Layer 3 Switch can use RIP to advertise the route to its RIP neighbors.
  • Page 435: Configuring Route Learning And Advertising Parameters

    The update interval specifies how often the Layer 3 Switch sends route advertisements to its RIP neighbors. You can specify an interval from 1 – 1000 seconds. The default is 30 seconds. To change the RIP update interval, enter a command such as the following:
  • Page 436: Changing The Route Loop Prevention Method

    FESX424 Router(config-rip-router)# update 120 This command configures the Layer 3 Switch to send RIP updates every 120 seconds. Syntax: update-time <1-1000> Enabling Learning of RIP Default Routes By default, the Layer 3 Switch does not learn RIP default routes. You can enable learning of RIP default routes on a global or interface basis.
  • Page 437: Suppressing RIP Route Advertisement On A VRRP Or VRRPE Backup Interface

    When you apply a RIP route filter, you also specify whether the filter applies to learned routes or advertised routes: • Out filters apply to routes the Layer 3 Switch advertises to its neighbor on the interface.
  • Page 438: Displaying RIP Filters

    • In filters apply to routes the Layer 3 Switch learns from its neighbor on the interface. To apply RIP route filters to an interface, enter commands such as the following:...
  • Page 439 0.00 0.00 0.00 0.00 ICMP 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 OSPF 0.00 0.00 0.00 0.00 0.04 0.07 0.08 0.09 0.00 0.00 0.00 0.00 VRRP 0.00 0.00 0.00 0.00
  • Page 440 If the software has been running less than 15 minutes (the maximum interval for utilization statistics), the command indicates how long the software has been running. Here is an example: FESX424 Router# show process cpu The system has only been up for 6 seconds.
  • Page 441 Age interval – The age interval specifies how long an IGMP group can remain in the IGMP group table without the device receiving a Group Membership report for the group. If the age interval expires before the device...
  • Page 442: Support For IGMP V2 Snooping In Layer 3 Software Images

    MAC-based. This differs from IGMP V2 snooping on the BigIron/FastIron router images, which match on both IP source and group (S,G) entries programmed in the Layer 4 CAM. In contrast, the FESX router images match on Layer 2 destination MAC address entries.
  • Page 443: Changing The IGMP Mode

    By default, when you enable IP multicast on a Foundry device, all ports on the device are configured for IGMP. If you are using active IGMP, all ports can send IGMP queries and receive IGMP reports. If you are using passive IGMP, all ports can receive IGMP queries.
  • Page 444: Modifying The Query Interval

    You can disable IGMP on individual ports of a Layer 2 Switch if you want to block all IP multicast traffic on those ports. When you disable IGMP on an individual port, the device does not forward any multicast traffic out the port, but other ports can still send and receive multicast traffic.
  • Page 445: PIM SM Traffic Snooping

    This feature is supported in the Layer 2 switch code only. • This feature is supported in software release 02.2.00 and later for the FESX and FWSX. • This feature is supported in software release 02.3.01 and later for the FSX.
  • Page 446 When PIM SM traffic snooping is enabled, the device starts listening for PIM SM join and prune messages and IGMP group membership reports. Until the device receives a PIM SM join message or an IGMP group membership report, the device forwards IP multicast traffic out all ports.
  • Page 447: Configuration Requirements

    The active mode configures the device to send group membership queries. • All the device ports connected to the source and receivers or routers must be in the same port-based VLAN.
  • Page 448: Enabling PIM SM Traffic Snooping

    • The PIM SM snooping feature assumes that the group source and the device are in different sub-nets and communicate through a router. The source must be in a different IP sub-net than the receivers. A PIM SM router sends PIM join and prune messages on behalf of a multicast group receiver only when the router and the source are in different sub-nets.
  • Page 449 Multicast Group Address of the IP multicast group. Note: The fid and camindex values are used by Foundry Technical Support for troubleshooting. Forwarding Port The forwarding ports for the IP multicast group.
  • Page 450 You also can display PIM SM information on Layer 2 Switches by entering the following command, at any level of the CLI: FastIron SuperX Router(config)# show ip pim PIMSM snooping is enabled...
  • Page 451 FastIron SuperX Switch# show ip multicast hardware 239.255.163.2 VLAN ID 100 Group: 239.255.163.2, HW-ref-cnt=1, fid 08a9, cam 10, dma=8, Forwarding Port: 1 2 group 239.255.163.2 in 1 vlans Syntax: show ip multicast hardware [<group-address> | vlan <vlan-id>]
  • Page 452 Enter the address of a group for <group-address> if you want to display the hardware resource usage of a particular group. Likewise, enter the ID of a VLAN for <vlan-id> if you want to display the hardware resource usage of groups in a VLAN.
  • Page 453 Multicast Group Address of the IP multicast group. Note: The fid and camindex values are used by Foundry Technical Support for troubleshooting. Forwarding Port The forwarding ports for the IP multicast group.
  • Page 454 Displaying PIM SM Snooping Information You can display PIM SM snooping information for all groups by entering the following command at any level of the CLI on a Layer 2 Switch:...
  • Page 455 The output shows the following information. This Field... Displays... VLAN ID VLAN membership of the source Group Address of the group Source IP address of the source Age of the source.
  • Page 456: Displaying IP Multicast Statistics

    This Field... Displays... Port Port on which the source is sending traffic Displaying IP Multicast Statistics To display IP multicast statistics on a device, enter the following commands at any level of the CLI:...
  • Page 457 Syntax: clear ip multicast all | group <group-id> The all parameter clears the learned flows for all groups. The group <group-id> parameter clears the flows for the specified group but does not clear the flows for other groups.
  • Page 459: Configuring IP Multicast Protocols

    PIM or DVMRP on an interface and is disabled on the interface if you disable PIM or DVMRP on the interface. NOTE: This chapter applies only to IP multicast routing. To configure Layer 2 IP multicast features, see “Configuring IP Multicast Traffic Reduction” on page 18-1.
  • Page 460: Overview Of IP Multicasting

    This chapter contains the following information: Table 19.1: Chapter Contents Description See Page Overview of IP multicasting 19-2 Changing global IP multicast parameters 19-3 Adding an interface to a multicast group...
  • Page 461: Changing Global IP Multicast Parameters

    To increase the number of IGMP membership interfaces you can have for PIM, enter commands such as the following: FastIron SuperX Router(config)# system-max pim-max-int-group 4000 FastIron SuperX Router(config)# write memory This command enables the device to have up to 4000 IGMP memberships for PIM.
  • Page 462 NOTE: The system-max pim-max-int-group command is no longer available since you can configure an unlimited number of PIM interface groups for DVMRP. Syntax: [no] system-max pim-max-int-group <num> The <num> parameter specifies the maximum number of IGMP memberships for PIM, and can be from 256 –...
  • Page 463: Changing IGMP V1 And V2 Parameters

    FastIron SuperX Router(config)# ip igmp max-response-time 8 Syntax: [no] ip igmp max-response-time <num> The <num> parameter specifies the number of seconds and can be a value from 1 – 10. The default is 5.
  • Page 464: Adding An Interface To A Multicast Group

    Adding an Interface to a Multicast Group You can manually add an interface to a multicast group. This is useful in the following cases: • Hosts attached to the interface are unable to add themselves as members of the group using IGMP.
  • Page 465: Pruning A Multicast Tree

    [Figure residue: multicast tree diagram for group 229.225.0.1 showing group members, leaf nodes, a leaf node with no group members, and an intermediate node with no group members.]
  • Page 466: Grafts To A Multicast Tree

    Figure 19.2 Pruning leaf nodes from a multicast tree. [Figure text: Video Conferencing Server (207.95.5.1, 229.225.0.1) (Source, Group); group 229.225.0.1; group members; leaf node; prune message...]
  • Page 467: Configuring PIM DM

    PIM configuration, enter the following command: FastIron SuperX Router(config)# router pim FastIron SuperX Router(config-pim-router)# disable-pim Syntax: [no] disable-pim Use the [no] version of the command to re-enable PIM.
  • Page 468 Enabling a PIM version USING THE CLI To enable PIM on an interface, globally enable PIM, then enable PIM on interface 3, enter the following commands: FESX424 Router(config)# router pim FESX424 Router(config)# int e 3 FESX424 Router(config-if-e1000-3)# ip address 207.95.5.1/24...
  • Page 469 To change the graft retransmit timer from the default of 180 to 90 seconds, enter the following: FastIron SuperX Router(config)# router pim FastIron SuperX Router(config-pim-router)# graft-retransmit-timer 90 Syntax: graft-retransmit-timer <10-3600>
  • Page 470 The default is 180 seconds. Modifying Inactivity Timer The router deletes a forwarding entry if the entry is not used to send multicast packets. The PIM inactivity timer defines how long a forwarding entry can remain unused before the router deletes it.
  • Page 471: Failover Time In A Multi-Path Topology

    PIM and are configured to operate within a common boundary. Figure 19.3 shows a simple example of a PIM Sparse domain. This example shows three Layer 3 Switches configured as PIM Sparse routers. The configuration is described in detail following the figure.
  • Page 472: PIM Sparse Router Types

    Figure 19.3 Example PIM Sparse domain This interface is also the Bootstrap Router (BR) for this PIM Sparse domain, and the Rendezvous Point (RP) for the PIM Sparse groups in this domain.
  • Page 473: RP Paths And SPT Paths

    Identify the Layer 3 Switch as a candidate PIM Sparse Rendezvous Point (RP), if applicable. • Specify the IP address of the RP (if you want to statically select the RP). NOTE: Foundry Networks recommends that you configure the same Layer 3 Switch as both the BSR and the RP. Limitations in this Release The implementation of PIM Sparse in the current software release has the following limitations: •...
  • Page 474 Layer 3 Switch as a candidate BSR and RP. However, if you do configure the Layer 3 Switch as one of these, Foundry Networks recommends that you configure the Layer 3 Switch as both of these. See “Configuring BSRs” on page 19-17.
  • Page 475 Rendezvous Point (RP). NOTE: It is possible to configure the Layer 3 Switch as only a candidate BSR or RP, but Foundry Networks recommends that you configure the same interface on the same Layer 3 Switch as both a BSR and an RP.
  • Page 476 Statically Specifying the RP Foundry Networks recommends that you use the PIM Sparse protocol’s RP election process so that a backup RP can automatically take over if the active RP router becomes unavailable. However, if you do not want the RP to be selected by the RP election process but instead you want to explicitly identify the RP by its IP address, you can do so using the following CLI method.
  • Page 477 Unwanted PIM Dense or PIM Sparse multicast traffic can be dropped in hardware on Layer 3 Switches. This feature does not apply to DVMRP traffic. Refer to “Dropping PIM Traffic in Hardware” on page 19-31.
  • Page 478: Displaying PIM Sparse Configuration Information And Statistics

    Displaying PIM Sparse Configuration Information and Statistics You can display the following PIM Sparse information: • Basic PIM Sparse configuration information • Group information • BSR information • Candidate RP information •...
  • Page 479 Following the TTL threshold value, the interface state is listed. The interface state can be one of the following: • Disabled • Enabled Local Address – Indicates the IP address configured on the port or virtual interface.
  • Page 480 Displaying a List of Multicast Groups To display a list of the IP multicast groups the Layer 3 Switch is forwarding, enter the following command at any CLI level: FastIron SuperX Router(config-pim-router)# show ip pim group...
  • Page 481 Note: This field appears only if this Layer 3 Switch is the BSR. Candidate-RP-advertisement period – Indicates how frequently the BSR sends candidate RP advertisement messages. Note: This field appears only if this Layer 3 Switch is the BSR.
  • Page 482 Displaying Candidate RP Information To display candidate RP information, enter the following command at any CLI level: FastIron SuperX Router(config-pim-router)# show ip pim rp-candidate Next Candidate-RP-advertisement in 00:00:10 RP: 207.95.7.1 group prefixes: 224.0.0.0 / 4...
  • Page 483 Group address Static-RP-address Override --------------------------------------------------- Access-List 44 99.99.99.5 On Number of group prefixes Learnt from BSR: 1 Group prefix = 239.255.162.0/24 # RPs expected: 1 # RPs received: 1 RP 1: 43.43.43.1 priority=0 age=0
  • Page 484 Syntax: show ip pim rp-set This display shows the following information. This Field... Displays... Number of group prefixes – The number of PIM Sparse group prefixes for which the RP is responsible.
  • Page 485 Parent CamFlags CamIndex Flags 209.157.24.162 239.255.162.1 00000700 2023 00004411 F 209.157.24.162 239.255.162.1 00000700 201b 00004411 F 209.157.24.162 239.255.162.1 00000700 201d 00004411 F 209.157.24.162 239.255.162.1 00000700 201e 00004411 F Syntax: show ip pim flowcache
  • Page 486 This display shows the following information. This Field... Displays... Source – Indicates the source of the PIM Sparse group. Group – Indicates the PIM Sparse group. Parent – Indicates the port or virtual interface from which the Layer 3 Switch receives packets from the group’s source.
  • Page 487 Indicates the Layer 3 Switch physical ports to which the receivers for the source and group are attached. The receivers can be directly attached or indirectly attached through other PIM Sparse routers.
  • Page 488 This Field... Displays... virtual ports – Indicates the virtual interfaces to which the receivers for the source and group are attached. The receivers can be directly attached or indirectly attached through other PIM Sparse routers.
  • Page 489: Dropping PIM Traffic In Hardware

    Syntax: clear pim counters Dropping PIM Traffic in Hardware Beginning with FESX software release 02.2.00, unwanted PIM Dense or PIM Sparse multicast traffic can be dropped in hardware on Layer 3 Switches. NOTE: This feature does not apply to DVMRP traffic.
  • Page 490: Configuration Syntax

    Configuration Syntax To configure the device to drop PIM traffic in hardware, enter the following command at the router pim level: FastIron SuperX Router(config)# router pim FastIron SuperX Router(config-pim-router)# hardware-drop Syntax: hardware-drop When you enable the hardware-drop feature, the show ip pim mcache command includes “drop”...
  • Page 491 Each peer sends the Source Advertisement to its other MSDP peers. The RP that receives the Source Active message also sends a Join message for the group if the RP that received the message has receivers for the group.
  • Page 492: Peer Reverse Path Forwarding (Rpf) Flooding

    Peer Reverse Path Forwarding (RPF) Flooding
    When the MSDP router (also the RP) in domain 2 receives the Source Active message from its peer in domain 1, the MSDP router in domain 2 forwards the message to all its other peers. The propagation process is sometimes called “peer Reverse Path Forwarding (RPF) flooding”.
  • Page 493: Sip Address As The Rp' Sip Address

    This address must be the address of the interface used to connect the RP to the source. There are no default originator-ids. The <type> parameter indicates the type of interface used by the RP. Ethernet, loopback and virtual routing interfaces (ve) can be used.
  • Page 494: Filtering Msdp Source-Group Pairs

    The <number> parameter specifies the interface number (for example: loopback number, port number or virtual routing interface number.)
    Filtering MSDP Source-Group Pairs
    You can filter individual source-group pairs in MSDP Source-Active messages.
  • Page 495 Filtering Advertised Source-Active Messages
    The following example configures the Layer 3 Switch to advertise all source-group pairs except the ones that have source address 10.x.x.x.
  • Page 496: Configuring Msdp Mesh Groups

    Example
    The following commands configure an IP address on port 3/1. This is the port on which the MSDP neighbors will be configured.
    FastIron SuperX Router(config)# interface ethernet 3/1
    FastIron SuperX Router(config-if-3/1)# ip address 2.2.2.98/24
    FastIron SuperX Router(config-if-3/1)# exit
    The following commands configure a loopback interface.
  • Page 497
    FastIron SuperX Router(config)# router msdp
    FastIron SuperX Router(config-msdp-router)# msdp-peer 163.5.34.10 connect-source loopback 2
    FastIron SuperX Router(config-msdp-router)# msdp-peer 206.251.21.31 connect-source loopback 2
    FastIron SuperX Router(config-msdp-router)# msdp-peer 206.251.17.31 connect-source loopback 2
    FastIron SuperX Router(config-msdp-router)# msdp-peer 206.251.13.31 connect-source
  • Page 498
    loopback 2
    FastIron SuperX Router(config-msdp-router)# mesh-group GroupA 206.251.21.31
    FastIron SuperX Router(config-msdp-router)# mesh-group GroupA 206.251.17.31
    FastIron SuperX Router(config-msdp-router)# mesh-group GroupA 206.251.13.31
    FastIron SuperX Router(config-msdp-router)# exit
    Syntax: [no] mesh-group <group-name> <peer-address>
    The sample configuration above reflects the configuration in Figure 19.5. On RP 206.251.21.31 you specify its peers within the same domain (206.251.21.31, 206.251.17.31, and 206.251.13.31).
  • Page 499
    FastIron SuperX Router(config-msdp-router)# mesh-group 1234 1.1.2.1
    FastIron SuperX Router(config-msdp-router)# exit
    FastIron SuperX Router(config)# interface loopback 1
    FastIron SuperX Router(config-lbif-1)# ip address 1.1.1.1 255.255.255.0
    FastIron SuperX Router(config-lbif-1)# ip pim-sparse
    FastIron SuperX Router(config-lbif-1)# exit
  • Page 500
    FastIron SuperX Router(config)# interface ethernet 1/1
    FastIron SuperX Router(config-if-1/1)# ip address 14.14.14.1 255.255.255.0
    FastIron SuperX Router(config-if-1/1)# ip pim-sparse
    FastIron SuperX Router(config-if-1/1)# exit
    FastIron SuperX Router(config)# interface ethernet 2/1
    FastIron SuperX Router(config-if-2/1)# ip address 12.12.12.1 255.255.255.0...
  • Page 501
    FastIron SuperX Router(config)# ip multicast-routing
    FastIron SuperX Router(config)# ip multicast-perf
    FastIron SuperX Router(config)# router pim
    FastIron SuperX Router(config)# router msdp
    FastIron SuperX Router(config-msdp-router)# msdp-peer 35.35.35.5
    FastIron SuperX Router(config-msdp-router)# msdp-peer 1.1.2.1 connect-source
  • Page 502
    loopback 1
    FastIron SuperX Router(config-msdp-router)# msdp-peer 1.1.4.1 connect-source loopback 1
    FastIron SuperX Router(config-msdp-router)# msdp-peer 1.1.1.1 connect-source loopback 1
    FastIron SuperX Router(config-msdp-router)# mesh-group 1234 1.1.2.1
    FastIron SuperX Router(config-msdp-router)# mesh-group 1234 1.1.1.1
    FastIron SuperX Router(config-msdp-router)# mesh-group 1234 1.1.4.1...
  • Page 503
    FastIron SuperX Router(config-if-)# ip pim border
    FastIron SuperX Router(config-if-)# exit
    FastIron SuperX Router(config)# router pim
    FastIron SuperX Router(config-router-pim)# bsr-candidate loopback 1 14 34
    FastIron SuperX Router(config-router-pim)# rp-candidate loopback 1
    FastIron SuperX Router(config-router-pim)# exit
  • Page 504: Displaying Msdp Information

    FastIron SuperX Router(config)# router bgp
    FastIron SuperX Router(config-router-bsr)# local-as 444
    FastIron SuperX Router(config-router-bsr)# neighbor 34.34.34.3 remote-as 333
    FastIron SuperX Router(config-router-bsr)# neighbor 34.34.34.3 next-hop-self
    FastIron SuperX Router(config-router-bsr)# neighbor 14.14.14.1 remote-as 111
    FastIron SuperX Router(config-router-bsr)# neighbor 14.14.14.1 next-hop-self
    FastIron SuperX Router(config-router-bsr)# neighbor 24.24.24.2 remote-as 222...
  • Page 505 Port: 8270 Remote host: 206.251.17.30, Remote Port: 639 ISentSeq: 16927 SendNext: 685654 TotUnAck: SendWnd: 16384 TotSent: 668727 ReTrans: IRcvSeq: 45252428 RcvNext: 45252438 RcvWnd: 16384 TotalRcv: RcvQue: SendQue:
    Syntax: show ip msdp peer
  • Page 506 This display shows the following information.
    Table 19.3: MSDP Peer Information
    This Field... Displays...
    Total number of MSDP peers The number of MSDP peers configured on the Layer 3 Switch
    IP Address The IP address of the peer’s interface with the Layer 3 Switch...
  • Page 507 NOTIFICATION message this MSDP router sent to the neighbor. See the description for the Notification Message Error Code Received field for a list of possible codes.
    Notification Message Error SubCode Transmitted See above.
    TCP Statistics
  • Page 508 Table 19.3: MSDP Peer Information (Continued)
    This Field... Displays...
    TCP connection state The state of the connection with the neighbor. The connection can have one of the following states:
    • LISTEN – Waiting for a connection request.
  • Page 509 The IP address of the multicast source.
    GroupAddr The IP multicast group to which the source is sending information.
    The RP through which receivers can access the group traffic from the source
  • Page 510: Clearing Msdp Information

    Table 19.4: MSDP Source Active Cache (Continued)
    This Field... Displays...
    The number of seconds the entry has been in the cache
    Clearing MSDP Information
    You can clear the following MSDP information: •...
  • Page 511: Initiating Dvmrp Multicasts On A Network

    In Figure 19.8, Router 5 is a leaf node with no group members in its local database. Consequently, Router 5 sends a prune message to its upstream router. This router will not receive any further multicast traffic until the prune age interval expires.
  • Page 512 Figure 19.7 Downstream broadcast of IP multicast packets from source host (Video Conferencing Server; Source, Group = 207.95.5.1, 229.225.0.1)...
  • Page 513: Grafts To A Multicast Tree

    DVMRP is enabled on each of the Foundry Layer 3 Switches shown in Figure 19.7, on which multicasts are expected. You can enable DVMRP on each Layer 3 Switch independently or remotely from one Layer 3 Switch by a Telnet connection. Follow the same steps for each router.
  • Page 514: Modifying Dvmrp Global Parameters

    Globally Enabling and Disabling DVMRP
    To globally enable DVMRP, enter the following command:
    Router1(config)# router dvmrp
    Syntax: [no] router dvmrp
    The behavior of the [no] router dvmrp command is as follows: •...
  • Page 515 Possible values are from 10 – 2000 seconds. The default value is 60 seconds. To support propagation of DVMRP routing information to the network every 90 seconds, enter the following:
    FastIron SuperX Router(config-dvmrp-router)# report 90
    Syntax: report-interval <10-2000>
  • Page 516: Modifying Dvmrp Interface Parameters

    Modifying Trigger Interval
    The Trigger Interval defines how often trigger updates, which reflect changes in the network topology, are sent. Example changes in a network topology include router up or down or changes in the metric. Possible values are from 5 –...
  • Page 517: Displaying Information About An Upstream Neighbor Device

    NOTE: The IP tunnel address represents the configured IP tunnel address of the destination router. In the case of Router A, its destination router is Router B. Router A is the destination router of Router B.
    For router B, enter the following:
    FastIron(config-if-1)# ip tunnel 192.58.4.1
  • Page 518: Using Acls To Control Multicast Features

    Figure 19.9 IP in IP tunneling on multicast packets in a unicast network...
  • Page 519: Using Acls To Limit Pim Rp Candidate Advertisement

    239.x.x.x range. You can configure the Layer 3 Switch to advertise itself as a candidate RP to the bootstrap router only for groups in the range of 239.x.x.x. Enter commands such as the following:
    FastIron SuperX Router(config)# interface ethernet 1/1
    FastIron SuperX Router(config-if-1/1)# ip address 99.99.99.5 255.255.255.0
  • Page 520: Using Acls To Control Multicast Traffic Boundaries

    FastIron SuperX Router(config-if-1/1)# ip pim-sparse
    FastIron SuperX Router(config-if-1/1)# exit
    FastIron SuperX Router(config)# access-list 5 deny host 239.255.162.2
    FastIron SuperX Router(config)# access-list 5 permit 239.0.0.0 0.0.255.255
    FastIron SuperX Router(config)# router pim
    FastIron SuperX Router(config-pim-router)# bsr-candidate ethernet 1/1 32 100
    FastIron SuperX Router(config-pim-router)# rp-candidate ethernet 1/1 group-list 5
    The example above shows a configuration for an Ethernet interface.
  • Page 521: Configuring A Static Multicast Route

    Layer 3 Switch prefers the path with the lower administrative distance. NOTE: Regardless of the administrative distances, the Layer 3 Switch always prefers directly connected routes over other routes. The rpf_address <rpf-num> parameter specifies an RPF number.
  • Page 522: Tracing A Multicast Route

    The example above configures two static multicast routes. The first route is for a specific source network, 207.95.10.0/24. If the Layer 3 Switch receives multicast traffic for network 207.95.10.0/24, the traffic must arrive on port 1/2.
  • Page 523 TTL is higher than the threshold are forwarded on the interface. The threshold is listed only for the PIM router hops between the source and destination.
  • Page 524: Displaying Another Multicast Router’s Multicast Configuration

    Displaying Another Multicast Router’s Multicast Configuration
    The Foundry implementation of Mrinfo is based on the DVMRP Internet draft by T. Pusateri, but applies to PIM and not to DVMRP. To display the PIM configuration of another PIM router, use the following CLI method.
  • Page 525: Chapter 20 Configuring Ospf

    Foundry Layer 3 Switches support the following types of LSAs, which are described in RFC 1583:
    • Router link
    • Network link
    • Summary link
    • Autonomous system (AS) summary link
    • AS external link
  • Page 526
    • Not-So-Stubby Area (NSSA) external link
    OSPF is built upon a hierarchy of network components. The highest level of the hierarchy is the Autonomous System (AS). An autonomous system is defined as a number of networks, all of which share the same routing and administration characteristics.
  • Page 527: Ospf Point-To-Point Links

    RIP Router OSPF Point-to-Point Links OSPF point-to-point links are supported on Gigabit and 10-Gigabit Ethernet interfaces of FESX devices running software release 02.2.00 or later, and on FSX devices running software release 02.3.01 or later. One important OSPF process is Adjacency. Adjacency occurs when a relationship is formed between neighboring routers for the purpose of exchanging routing information.
  • Page 528: Designated Routers In Multi-Access Networks

    Designated Routers in Multi-Access Networks
    In a network that has multiple routers attached, OSPF elects one router to serve as the designated router (DR) and another router on the segment to act as the backup designated router (BDR). This arrangement minimizes the amount of repetitive information that is forwarded on the network by forwarding all messages to the designated router and backup designated routers responsible for forwarding the updates throughout the network.
  • Page 529: Ospf Rfc 1583 And 2178 Compliance

    Routers A, B, and C, and another routing domain, which contains Router F. The other routing domain is running another routing protocol, such as BGP4 or RIP. Routers D, E, and F, therefore, are each running both OSPF and either BGP4 or RIP.
  • Page 530 Figure 20.4 AS External LSA reduction. Routers D, E, and F are OSPF ASBRs and EBGP routers...
  • Page 531: Support For Ospf Rfc 2328 Appendix E

    For the more specific network, use the network’s broadcast address as the ID. The broadcast address is the network address, with all ones bits in the host portion of the address. For example, the broadcast address for network 10.0.0.0 255.255.0.0 is 10.0.0.255.
  • Page 532: Dynamic Ospf Activation And Configuration

    If this comparison results in a change to the ID of an LSA that has already been generated, the router generates a new LSA to replace the previous one. For example, if the router has already generated an LSA for network with ID 10.0.0.0 for network 10.0.0.0 255.255.255.0, the router must generate a new LSA for the...
  • Page 533: Configuration Rules

    NOTE: When using the CLI, you set global level parameters at the OSPF CONFIG Level of the CLI. To reach that level, enter router ospf… at the global CONFIG Level. Interface parameters for OSPF are set at the interface CONFIG Level using the CLI command, ip ospf…
  • Page 534: Enable Ospf On The Router

    When using the Web management interface, you set OSPF global parameters using the OSPF configuration panel. All other parameters are accessed through links accessed from the OSPF configuration sheet.
    Enable OSPF on the Router
    When you enable OSPF on the router, the protocol is automatically activated.
  • Page 535 NOTE: You can assign one area on a router interface. For example, if the system or chassis module has 16 ports, 16 areas are supported on the chassis or module.
  • Page 536 Assign a Not-So-Stubby Area (NSSA)
    The OSPF Not So Stubby Area (NSSA) feature enables you to configure OSPF areas that provide the benefits of stub areas, but that also are capable of importing external route information. OSPF does not flood external routes from other areas into an NSSA, but does translate and flood route information from the NSSA into other areas such as the backbone.
  • Page 537: Assigning An Area Range (Optional)

    Each area can have up to 32 range addresses.
    EXAMPLE: To define an area range for sub-nets on 193.45.5.1 and 193.45.6.2, enter the following command:
    FESX424 Router(config)# router ospf
    FESX424 Router(config-ospf-router)# area 193.45.5.1 range 193.45.0.0 255.255.0.0
  • Page 538: Assigning Interfaces To An Area

    FESX424 Router(config-ospf-router)# area 193.45.6.2 range 193.45.0.0 255.255.0.0
    Syntax: area <num> | <ip-addr> range <ip-addr> <ip-mask>
    The <num> | <ip-addr> parameter specifies the area number, which can be in IP address format.
  • Page 539 In the Web management interface, the passwords or authentication strings are encrypted at the read-only access level but are visible at the read-write access level. The encryption option can be omitted (the default) or can be one of the following.
  • Page 540: Change The Timer For Ospf Authentication Changes

    • 0 – Disables encryption for the password or authentication string you specify with the command. The password or string is shown as clear text in the running-config and the startup-config file. Use this option if you do not want display of the password or string to be encrypted.
  • Page 541: Configuring An Ospf Non-Broadcast Interface

    FastIron SuperX Switch(config-if-1/1)# no ip ospf database-filter all out
    Configuring an OSPF Non-Broadcast Interface
    Starting with release 02.3.01, the FESX and FSX Layer 3 switches support Non-Broadcast Multi-Access (NBMA) networks. This feature enables you to configure an interface on a Foundry device to send OSPF traffic to its neighbor as unicast packets rather than broadcast packets.
  • Page 542: Assign Virtual Links

    FESX424 router# show ip ospf interface
    v20,OSPF enabled
    IP Address 1.1.20.4, Area 0
    OSPF state BD, Pri 1, Cost 1, Options 2, Type non-broadcast Events 6
    Timers(sec): Transit 1, Retrans 5, Hello 10, Dead 40
    Router ID 1.1.13.1...
  • Page 543 The <router-id> parameter specifies the router ID of the OSPF router at the remote end of the virtual link. To display the router ID on a Foundry Layer 3 Switch, enter the show ip command. See “Modify Virtual Link Parameters” on page 20-20 for descriptions of the optional parameters.
  • Page 544: Modify Virtual Link Parameters

    Modify Virtual Link Parameters
    OSPF has some parameters that you can modify for virtual links. Notice that these are the same parameters as the ones you can modify for physical interfaces.
  • Page 545: Changing The Reference Bandwidth For The Cost On Ospf Interfaces

    Virtual interface – The combined bandwidth of all the ports in the port-based VLAN that contains the virtual interface. The default reference bandwidth is 100 Mbps. You can change the reference bandwidth to a value from 1 – 4294967.
  • Page 546: Define Redistribution Filters

    If a change to the reference bandwidth results in a cost change to an interface, the Layer 3 Switch sends a link-state update to update the costs of interfaces advertised by the Layer 3 Switch.
  • Page 547 To configure the FastIron Layer 3 Switch acting as an ASBR in Figure 20.7 to redistribute OSPF, BGP4, and static routes into RIP, enter the following commands:
    FESX424 RouterASBR(config)# router rip
    FESX424 RouterASBR(config-rip-router)# permit redistribute 1 all
    FESX424 RouterASBR(config-rip-router)# write memory
  • Page 548: Prevent Specific Ospf Routes From Being Installed In The Ip Route Table

    NOTE: Redistribution is permitted for all routes by default, so the permit redistribute 1 all command in the example above is shown for clarity but is not required. You also have the option of specifying import of just OSPF, BGP4, or static routes, as well as specifying that only routes for a specific network or with a specific cost (metric) be imported, as shown in the command syntax below:
    Syntax: deny | permit redistribute <filter-num>...
  • Page 549 If you prefer to specify the wildcard (mask value) in Classless Interdomain Routing (CIDR) format, you can enter a forward slash after the IP address, then enter the number of significant bits in the mask. For example, you can
  • Page 550 enter the CIDR equivalent of “4.0.0.0 0.255.255.255” as “4.0.0.0/8”. The CLI automatically converts the CIDR number into the appropriate ACL mask (where zeros instead of ones are the significant bits) and changes the non-significant portion of the IP address into zeros.
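The CIDR-to-ACL-mask conversion described on pages 549 and 550, combined with first-match evaluation of the access-list 5 entries from page 520, as an added Python example (it is not code from the Foundry guide). The helper names are hypothetical, and the implicit deny when no entry matches is an assumption about standard ACL behaviour.

```python
import ipaddress

# ACL 5 as entered in the guide's RP-candidate example (page 520).
ACL_5 = [
    "deny host 239.255.162.2",
    "permit 239.0.0.0 0.0.255.255",
]


def ip_int(text):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def cidr_to_acl(cidr):
    """Convert 'a.b.c.d/len' to (address, wildcard) in ACL form.

    The wildcard is the inverse of the netmask (zero bits are significant).
    strict=False zeroes the non-significant part of the address, which is
    what the guide says the CLI does.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net.network_address), str(net.hostmask)


def parse_entry(entry):
    """Parse '<permit|deny> <any | host A | A W | A/len>'.

    Returns (action, base, care), where care has a 1 for every bit that
    must match and base is the address masked to those bits.
    """
    tokens = entry.split()
    action, spec = tokens[0], tokens[1:]
    if action not in ("permit", "deny") or not spec:
        raise ValueError(f"unsupported ACL entry: {entry!r}")
    if spec == ["any"]:
        addr, wildcard = "0.0.0.0", "255.255.255.255"
    elif spec[0] == "host" and len(spec) == 2:
        addr, wildcard = spec[1], "0.0.0.0"
    elif "/" in spec[0] and len(spec) == 1:
        addr, wildcard = cidr_to_acl(spec[0])
    elif len(spec) == 2:
        addr, wildcard = spec
    else:
        raise ValueError(f"unsupported ACL entry: {entry!r}")
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return action, ip_int(addr) & care, care


def evaluate(entries, address):
    """Return (action, entry_number) for the first entry that matches."""
    value = ip_int(address)
    for number, entry in enumerate(entries, start=1):
        action, base, care = parse_entry(entry)
        if (value & care) == base:
            return action, number
    # Assumption: a list that matches nothing denies (implicit deny).
    return "deny", None


if __name__ == "__main__":
    print("4.0.0.0/8 ->", cidr_to_acl("4.0.0.0/8"))
    # Constructed sample group addresses, not taken from the guide's output.
    for group in ("239.255.162.2", "239.0.44.1", "239.255.162.1"):
        print(group, evaluate(ACL_5, group))
    print("239.255.162.1", evaluate(["permit 239.0.0.0/8"], "239.255.162.1"))
```

With wildcard 0.0.255.255 the permit entry matches only 239.0.x.x, so a group such as 239.255.162.1 falls through to the deny; an entry written as 239.0.0.0/8 (wildcard 0.255.255.255) is the one that covers all of 239.x.x.x.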
  • Page 551: Modify Default Metric For Redistribution

    To enable redistribution of RIP and static IP routes into OSPF, enter the following commands.
    FESX424 Router(config)# router ospf
    FESX424 Router(config-ospf-router)# redistribution rip
    FESX424 Router(config-ospf-router)# redistribution static
    FESX424 Router(config-ospf-router)# write memory
  • Page 552 Example Using a Route Map
    To configure a route map and use it for redistribution of routes into OSPF, enter commands such as the following:
    FESX424 Router(config)# ip route 1.1.0.0 255.255.0.0 207.95.7.30
    FESX424 Router(config)# ip route 1.2.0.0 255.255.0.0 207.95.7.30...
  • Page 553: Disable Or Re-Enable Load Sharing

    Example OSPF network with four equal-cost paths
    In the example in Figure 20.8, the Foundry router has four paths to R1:
    • FI->R3
    • FI->R4
    • FI->R5
    • FI->R6
  • Page 554: Configure External Route Summarization

    Normally, the Foundry router will choose the path to the R1 with the lower metric. For example, if R3’s metric is 1400 and R4’s metric is 600, the Foundry router will always choose R4.
  • Page 555: Configure Default Route Origination

    The always parameter advertises the default route regardless of whether the router has a default route. This option is disabled by default. The metric <value> parameter specifies a metric for the default route. If this option is not used, the default metric is used for the route.
  • Page 556: Modify Spf Timers

    The metric-type <type> parameter specifies the external link type associated with the default route advertised into the OSPF routing domain. The <type> can be one of the following:
    • 1 – Type 1 external route
    •...
  • Page 557: Configure Ospf Group Link State Advertisement (Lsa) Pacing

    The pacing interval is inversely proportional to the number of LSAs the Layer 3 Switch is refreshing and aging. For example, if you have approximately 10,000 LSAs, decreasing the pacing interval enhances performance. If you
  • Page 558: Modify Ospf Traps Generated

    have a very small database (40 – 100 LSAs), increasing the pacing interval to 10 – 20 minutes might enhance performance slightly.
    Changing the LSA Pacing Interval
    To change the LSA pacing interval to two minutes (120 seconds), enter the following command:
    FESX424 Router(config-ospf-router)# timers lsa-group-pacing 120
    Syntax: [no] timers lsa-group-pacing <secs>...
  • Page 559: Modify Ospf Standard Compliance Setting

    (NBMA) networks, the Designated Router and the Backup Designated Router become adjacent to all other routers attached to the network. Configuration Notes and Limitations • This feature is supported on FESX devices running software release 02.2.00 or later. • This feature is supported on Gigabit Ethernet and 10-Gigabit Ethernet interfaces. •...
  • Page 560: Specify Types Of Ospf Syslog Messages To Log

    Syntax: [no] ip ospf network point-to-point
    Viewing Configured OSPF Point-to-Point Links
    See “Displaying OSPF Neighbor Information” on page 20-39 and “Displaying OSPF Interface Information” on page 20-42.
    Specify Types of OSPF Syslog Messages to Log
    You can specify which kinds of OSPF-related Syslog messages are logged.
  • Page 561: Displaying General Ospf Configuration Information

    300 ip ospf cost 0 ip ospf area 0
    Syntax: show ip ospf config
    Displaying CPU Utilization Statistics
    You can display CPU utilization statistics for OSPF and other IP protocols.
  • Page 562 To display CPU utilization statistics for OSPF for the previous one-second, one-minute, five-minute, and fifteen-minute intervals, enter the following command at any level of the CLI:
    FESX424 Router# show process cpu...
  • Page 563: Displaying Ospf Area Information

    To display OSPF neighbor information, enter the following command at any CLI level:
    FESX424 Router> show ip ospf neighbor
    Port Address Pri State Neigh Address Neigh ID
    212.76.7.251 full 212.76.7.200 173.35.1.220
  • Page 564 To display detailed OSPF neighbor information, enter the following command at any CLI level:
    FESX424 Router# show ip ospf neighbor detail
    Port Address Pri State Neigh Address Neigh ID Ev Op Cnt
    20.2.0.2...
  • Page 565 The number of LSAs that were retransmitted.
    Second-to-dead The amount of time the Foundry device will wait for a HELLO message from each OSPF neighbor before assuming the neighbor is dead.
  • Page 566: Displaying Ospf Interface Information

    Displaying OSPF Interface Information
    To display OSPF interface information, enter the following command at any CLI level:
    FastIron SuperX Router# show ip ospf interface 192.168.1.1
    Ethernet 2/1,OSPF enabled
    IP Address 192.168.1.1, Area 0...
  • Page 567: Displaying Ospf Route Information

    OSPF 84 00
    Syntax: show ip ospf routes [<ip-addr>]
    The <ip-addr> parameter specifies a destination IP address. If you use this parameter, only the route entries for that destination are shown.
  • Page 568 This display shows the following information.
    Table 20.5: CLI Display of OSPF Route Information
    This Field... Displays...
    Index The row number of the entry in the router’s OSPF route table.
    Destination The IP address of the route's destination.
  • Page 569: Displaying Ospf External Link State Information

    150.150.150.245 80000004 0000751d EXTR 0.0.0.0 130.131.241.16 150.150.150.245 80000004 00002e25 EXTR
    Syntax: show ip ospf database external-link-state [advertise <num>] | [extensive] | [link-state-id <ip-addr>] | [router-id <ip-addr>] | [sequence-number <num(Hex)>] | [status <num>]
  • Page 570: Displaying Ospf Link State Information

    The advertise <num> parameter displays the hexadecimal data in the specified LSA packet. The <num> parameter identifies the LSA packet by its position in the router’s External LSA table. To determine an LSA packet’s position in the table, enter the show ip ospf external-link-state command to display the table.
  • Page 571: Displaying The Data In An Lsa

    130.130.130.241 80000002 000067df additional entries omitted for brevity...
    Displaying OSPF Virtual Neighbor Information
    To display OSPF virtual neighbor information, enter the following command at any CLI level:
    FESX424 Router> show ip ospf virtual-neighbor
  • Page 572: Displaying Ospf Virtual Link Information

    Syntax: show ip ospf virtual-neighbor [<num>]
    The <num> parameter displays the table beginning at the specified entry number.
    Displaying OSPF Virtual Link Information
    To display OSPF virtual link information, enter the following command at any CLI level:
    FESX424 Router>...
  • Page 573: Chapter 21 Configuring Bgp4

    This chapter provides details on how to configure Border Gateway Protocol version 4 (BGP4) on Foundry products using the CLI. BGP4 is supported in the following configurations: • FESX Layer 3 switches running software release 02.1.01 or later • FSX Layer 3 switches running software release 02.2.00 or later This chapter contains the following information: Table 21.1: Chapter Contents...
  • Page 574: Overview Of Bgp4

    Table 21.1: Chapter Contents
    Description See Page
    Removing route flap dampening 21-107
    Clearing diagnostic buffers 21-107
    BGP4 is described in RFC 1771. The Foundry implementation fully complies with RFC 1771. The Foundry BGP4 implementation also supports the following RFCs: •...
  • Page 575: Relationship Between The Bgp4 Route Table And The Ip Route Table

    BGP4 routers do not send regular updates. However, if configured to do so, a BGP4 router does regularly send KEEPALIVE messages to its peers to maintain BGP4
  • Page 576: How Bgp4 Selects A Path For A Route

    sessions with them if the router does not have any route information to send in an UPDATE message. See “BGP4 Message Types” on page 21-5 for information about BGP4 messages.
    How BGP4 Selects a Path for a Route
    When multiple paths for the same route are known to a BGP4 router, the router uses the following algorithm to weigh the paths and determine the optimal path for the route.
  • Page 577: Bgp4 Message Types

    Instead, a BGP4 neighbor sends an update to its neighbor when it has a new route to advertise or routes have changed or become unfeasible. An UPDATE message can contain the following information:
  • Page 578: Basic Configuration And Activation For Bgp4

    • Network Layer Reachability Information (NLRI) – The mechanism by which BGP4 supports Classless Interdomain Routing (CIDR). An NLRI entry consists of an IP prefix that indicates a network being advertised by the UPDATE message.
  • Page 579: Note Regarding Disabling Bgp4

    • Optional – Specify a list of individual networks in the local AS to be advertised to remote ASs using BGP4.
    • Optional – Change the default local preference for routes.
  • Page 580: When Parameter Changes Take Effect

    • Optional – Enable the default route (default-information-originate).
    • Optional – Enable use of a default route to resolve a BGP4 next-hop route.
    • Optional – Change the default MED (metric).
  • Page 581: Memory Considerations

    BGP4 data. These devices automatically allocate memory when needed to support BGP4 neighbors, routes, and route attribute entries. Dynamic memory allocation is performed automatically by the software and does not require a reload.
  • Page 582: Memory Configuration Options Obsoleted By Dynamic Memory

    Table 21.2 lists the maximum total amount of system memory (DRAM) BGP4 can use. The maximum depends on the total amount of system memory on the device. Table 21.2: Maximum Memory Usage...
  • Page 583: Changing The Router Id

    BGP4 neighbor. A loopback interface adds stability to the network by working around route flap problems that can occur due to unstable links between the router and its neighbors.
  • Page 584: Adding Bgp4 Neighbors

    Loopback interfaces are always up, regardless of the states of physical interfaces. Loopback interfaces are especially useful for IBGP neighbors (neighbors in the same AS) that are multiple hops away from the router.
  • Page 585 The <num,num,...> parameter specifies the list of address-list filters. The router applies the filters in the order in which you list them and stops applying the filters in the distribute list when a match is found.
  • Page 586 Alternatively, you can specify distribute-list <acl-num> in | out to use an IP ACL instead of a distribute list. In this case, <acl-num> is an IP ACL. NOTE: By default, if a route does not match any of the filters, the Layer 3 Switch denies the route. To change the default behavior, configure the last filter as “permit any any”.
  • Page 587 Due to Aggregation” on page 21-61. update-source <ip-addr> | ethernet [<slotnum>/]<portnum> | loopback <num> | ve <num> configures the router to communicate with the neighbor through the specified interface. There is no default.
  • Page 588 weight <num> specifies a weight the Layer 3 Switch will add to routes received from the specified neighbor. BGP4 prefers larger weights over smaller weights. The default weight is 0.
    Encryption of BGP4 MD5 Authentication Keys
    When you configure a BGP4 neighbor or neighbor peer group, you can specify an MD5 authentication string for authenticating packets exchanged with the neighbor or peer group of neighbors.
  • Page 589: Adding A Bgp4 Peer Group

    • Reset neighbor sessions
    • Perform soft-outbound resets (the Layer 3 Switch updates outgoing route information to neighbors but does not entirely reset the sessions with those neighbors)
    • Clear BGP message statistics
  • Page 590 • Clear error buffers
    Peer Group Parameters
    You can set all neighbor parameters in a peer group. When you add a neighbor to the peer group, the neighbor receives all the parameter settings you set in the group, except parameter values you have explicitly configured for the neighbor.
  • Page 591 If you use internal blanks, you must use quotation marks around the name. For example, the command neighbor “My Three Peers” peer-group is valid, but the command neighbor My Three Peers peer-group is not valid.
  • Page 592 Syntax: [no] neighbor <ip-addr> | <peer-group-name> [advertisement-interval <num>] [default-originate [route-map <map-name>]] [description <string>] [distribute-list in | out <num,num,...> | <acl-num> in | out] [ebgp-multihop [<num>]] [filter-list in | out <num,num,...> | <acl-num> in | out | weight] [maximum-prefix <num>...
  • Page 593: Optional Configuration Tasks

    By default, the Layer 3 Switch updates its BGP4 next-hop tables and affected BGP4 routes five seconds after IGP route changes. You can change the update timer to a value from 1 – 30 seconds.
  • Page 594: Enabling Fast External Fallover

    To change the BGP4 update timer value, enter a command such as the following at the BGP configuration level of the CLI:
    FESX424 Router(config-bgp-router)# update-time 15
    This command changes the update timer to 15 seconds.
  • Page 595: Customizing Bgp4 Load Sharing

    To enable load sharing of IBGP paths only, enter the following command at the BGP configuration level of the CLI:
    FESX424 Router(config-bgp-router)# multipath ibgp
    To enable load sharing of EBGP paths only, enter the following command at the BGP configuration level of the CLI:
    FESX424 Router(config-bgp-router)# multipath ebgp
  • Page 596: Specifying A List Of Networks To Advertise

    To enable load sharing of paths from different neighboring ASs, enter the following command at the BGP configuration level of the CLI:
    FESX424 Router(config-bgp-router)# multipath multi-as
    Syntax: [no] multipath ebgp | ibgp | multi-as
    The ebgp | ibgp | multi-as parameter specifies the change you are making to load sharing: •...
  • Page 597: Changing The Default Local Preference

    In some cases, such as when the Layer 3 Switch is acting as an edge router, you might want to allow the device to use the default route as a valid next hop. To do so, enter the following command at the BGP4 configuration level of the CLI:
    FESX424 Router(config-bgp-router)# next-hop-enable-default
    Syntax: [no] next-hop-enable-default
  • Page 598: Advertising The Default Route

    Advertising the Default Route
    By default, the Layer 3 Switch does not originate and advertise a default route using BGP4. A BGP4 default route is the IP address 0.0.0.0 and the route prefix 0 or network mask 0.0.0.0. For example, 0.0.0.0/0 is a default route.
  • Page 599 24. In this case, the Layer 3 Switch tries to use the default route, if present, to reach the sub-net that contains the BGP route’s next-hop gateway.
    FastIron SuperX Router# show ip route 240.0.0.0/24
    Total number of IP routes: 37
    Network Address NetMask Gateway Port Cost Type
    0.0.0.0 0.0.0.0 10.0.0.202
  • Page 600 Example When Recursive Route Lookups Are Enabled
    When recursive next-hop lookups are enabled, the Layer 3 Switch recursively looks up the next-hop gateways along the route until the Layer 3 Switch finds an IGP route to the BGP route’s destination. Here is an example.
  • Page 601: Changing Administrative Distances

    • EBGP – 20
    • OSPF – 110
    • RIP – 120
    • IBGP – 200
    • Local BGP – 200
    • Unknown – 255 (the router will not use this route)
  • Page 602: Enabling Or Disabling Comparison Of The Router Ids

    Lower administrative distances are preferred over higher distances. For example, if the router receives routes for the same network from OSPF and from RIP, the router will prefer the OSPF route by default. The administrative distances are configured in different places in the software.
  • Page 603 NOTE: MED comparison is not performed for internal routes originated within the local AS or confederation. To configure the router to always compare MEDs, enter the following command:
    FESX424 Router(config-bgp-router)# always-compare-med
    Syntax: [no] always-compare-med
  • Page 604: Treating Missing Meds As The Worst Meds

    Treating Missing MEDs as the Worst MEDs
    By default, the Layer 3 Switch favors a lower MED over a higher MED during MED comparison. Since the Layer 3 Switch assigns the value 0 to a route path’s MED if the MED value is missing, the default MED comparison results in the Layer 3 Switch favoring the route paths that are missing their MEDs.
  • Page 605 Layer 3 Switch prevents a routing loop. The Layer 3 Switch did not discard the route in previous software releases.
    • The first time a route is reflected by a Layer 3 Switch configured as a route reflector, the route reflector adds...
  • Page 606: Configuring Confederations

    the CLUSTER_LIST attribute to the route. Other route reflectors who receive the route from an IBGP neighbor add their cluster IDs to the front of the route’s CLUSTER_LIST. If the route reflector does not have a cluster ID configured, the Layer 3 Switch adds its router ID to the front of the CLUSTER_LIST.
  • Page 607 Thus, routers in other ASs see traffic from AS 10 and are unaware that the routers in AS 10 are subdivided into sub-ASs within a confederation.
    Configuring a BGP Confederation
    Perform the following configuration tasks on each BGP router within the confederation:...
  • Page 608 • Configure the local AS number. The local AS number indicates membership in a sub-AS. All BGP routers with the same local AS number are members of the same sub-AS. BGP routers use the local AS number when communicating with other BGP routers within the confederation.
  • Page 609: Aggregating Routes Advertised To Bgp4 Neighbors

    BGP4 by using the following methods. To enable redistribution of all OSPF routes and directly attached routes into BGP4, enter the following commands.
    FESX424 Router(config)# router bgp
    FESX424 Router(config-bgp-router)# redistribute ospf
  • Page 610: Redistributing Connected Routes

    FESX424 Router(config-bgp-router)# redistribute connected
    FESX424 Router(config-bgp-router)# write memory
    Syntax: [no] redistribute connected | ospf | rip | static
    The connected parameter indicates that you are redistributing routes to directly attached devices into BGP.
  • Page 611: Redistributing Ospf External Routes

    To disable re-advertisement of BGP4 routes to BGP4 neighbors except for routes that the software also installs in the route table, enter the following command:
    FESX424 Router(config-bgp-router)# no readvertise
    Syntax: [no] readvertise
  • Page 612: Redistributing Ibgp Routes Into Rip And Ospf

    To re-enable re-advertisement, enter the following command:
    FESX424 Router(config-bgp-router)# readvertise
    Redistributing IBGP Routes into RIP and OSPF
    By default, the Layer 3 Switch does not redistribute IBGP routes from BGP4 into RIP or OSPF. This behavior helps eliminate routing loops.
  • Page 613 AS-path filters or AS-path ACLs can be referred to by a BGP neighbor's filter list number as well as by match statements in a route map.
    Defining an AS-Path Filter
    To define AS-path filter 4 to permit AS 2500, enter the following command:...
  • Page 614 FESX424 Router(config-bgp-router)# as-path-filter 4 permit 2500
    Syntax: as-path-filter <num> permit | deny <as-path>
    The <num> parameter identifies the filter’s position in the AS-path filter list and can be from 1 – 100. Thus, the AS-path filter list can contain up to 100 filters.
  • Page 615 AS-path that begins with “3”: A dollar sign matches on the end of an input string. For example, the following regular expression matches on an AS-path that ends with “deg”:
    deg$
  • Page 616 Table 21.3: BGP4 Special Characters for Regular Expressions (Continued)
    Character | Operation
    An underscore matches on one or more of the following:
    • , (comma)
    • { (left curly brace)
    • } (right curly brace)
    •...
  • Page 617: Filtering Communities

    The internet keyword checks for routes that do not have the community attribute. Routes without a specific community are considered by default to be members of the largest community, the Internet.
  • Page 618 The local-as keyword checks for routes with the well-known community “LOCAL_AS”. This community applies only to confederations. The Layer 3 Switch advertises the route only within the sub-AS. For information about confederations, see “Configuring Confederations”...
  • Page 619: Defining Ip Prefix Lists

    This command configures the Layer 3 Switch to use ACL 1 to select the routes that the Layer 3 Switch will accept from neighbor 10.10.10.1.
    Syntax: neighbor <ip-addr> distribute-list <name-or-num> in | out
    The <ip-addr> parameter specifies the neighbor.
  • Page 620: Defining Route Maps

    The <name-or-num> parameter specifies the name or number of a standard, extended, or named ACL. The in | out parameter specifies whether the distribute list applies to inbound or outbound routes: •...
  • Page 621 To delete a specific instance of a route map without deleting the rest of the route map, enter a command such as the following:
    FESX424 Router(config)# no route-map Map1 permit 10
    This command deletes the specified instance from the route map but leaves the other instances of the route map intact.
  • Page 622 Specifying the Match Conditions
    Use the following command to define the match conditions for instance 1 of the route map GET_ONE. This instance compares the route updates against BGP4 address filter 11.
  • Page 623 The <num> parameter with the first command specifies an IP ACL and can be a number from 1 – 199 or the ACL name if it is a named ACL. To configure an IP ACL, use the ip access-list or access-list command. See “Software-Based IP Access Control Lists (ACLs)” on page 12-1.
  • Page 624 The <name> parameter with the second command specifies an IP prefix list name. To configure an IP prefix list, see “Defining IP Prefix Lists” on page 21-47.
    Matching Based on the Route Source
    To match a BGP4 route based on its source, use the match ip route-source statement.
  • Page 625 – Removes the metric from the route (removes the MED attribute from the BGP4 route). The metric-type type-1 | type-2 parameter changes the metric type of a route redistributed into OSPF.
  • Page 626 The metric-type internal parameter sets the route's MED to the same value as the IGP metric of the BGP4 next-hop route. The parameter does this when advertising a BGP4 route to an EBGP neighbor.
  • Page 627: Configuring Cooperative Bgp4 Route Filtering

    When you enable cooperative filtering, the Layer 3 Switch advertises this capability in its Open message to the neighbor when initiating the neighbor session. The Open message also indicates whether the Layer 3 Switch is...
  • Page 628 configured to send filters, receive filters or both, and the types of filters it can send or receive. The Layer 3 Switch sends the filters as Outbound Route Filters (ORFs) in Route Refresh messages.
  • Page 629 Displaying Cooperative Filtering Information
    You can display the following cooperative filtering information:
    • The cooperative filtering configuration on the Layer 3 Switch.
    • The ORFs received from neighbors.
  • Page 630: Configuring Route Flap Dampening

    To display the cooperative filtering configuration on the Layer 3 Switch, enter a command such as the following. The line shown in bold type shows the cooperative filtering status.
    FESX424 Router# show ip bgp neighbor 10.10.10.1
    IP Address: 10.10.10.1, AS: 65200 (IBGP), RouterID: 10.10.10.1...
  • Page 631: Globally Configuring Route Flap Dampening

    This command changes the half-life to 20 minutes, the reuse threshold to 200, the suppression threshold to 2500, and the maximum number of minutes a route can be dampened to 40.
  • Page 632 NOTE: To change any of the parameters, you must specify all the parameters with the command. If you want to leave some parameters unchanged, enter their default values.
    Using a Route Map To Configure Route Flap Dampening for Specific Routes
    Route maps enable you to fine tune route flap dampening parameters for individual routes.
  • Page 633: Removing Route Dampening From A Route

    Removing Route Dampening from a Neighbor’s Routes Suppressed Due to Aggregation
    You can selectively unsuppress more-specific routes that have been suppressed due to aggregation, and allow the routes to be advertised to a specific neighbor or peer group.
  • Page 634 Here is an example.
    FESX424 Router(config-bgp-router)# aggregate-address 209.1.0.0 255.255.0.0 summary-only
    FESX424 Router(config-bgp-router)# show ip bgp route 209.1.0.0/16 longer
    Number of BGP Routes matching display condition : 2
    Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED...
  • Page 635: Displaying And Clearing Route Flap Dampening Statistics

    Displays...
    Total number of flapping routes | The total number of routes in the Layer 3 Switch’s BGP4 route table that have changed state and thus have been marked as flapping routes.
  • Page 636: Generating Traps For Bgp

    Table 21.4: Route Flap Dampening Statistics
    This Field... | Displays...
    Status code | Indicates the dampening status of the route, which can be one of the following:
    • > – This is the best route among those in the BGP4 route table to the route’s destination.
  • Page 637: Displaying Bgp4 Information

    ADMDN 0h44m56s
    10.1.0.2 ESTAB 0h44m56s
    10.2.0.2 ESTAB 0h44m55s
    10.3.0.2 ADMDN 0h25m28s
    10.4.0.2 ADMDN 0h25m31s
    10.5.0.2 CONN 0h 0m 8s
    10.7.0.2 ADMDN 0h44m56s
    100.0.0.1 ADMDN 0h44m56s
    102.0.0.1 ADMDN 0h44m56s
    150.150.150.150 ADMDN 0h44m56s
  • Page 638 This display shows the following information.
    Table 21.5: BGP4 Summary Information
    This Field... | Displays...
    Router ID | The Layer 3 Switch’s router ID.
    Local AS Number | The BGP4 AS number the router is in.
  • Page 639 BGP4 route table. Usually, this number is lower than the RoutesRcvd number. The difference indicates that this router filtered out some of the routes received in the UPDATE messages.
  • Page 640: Displaying The Active Bgp4 Configuration

    Table 21.5: BGP4 Summary Information (Continued)
    This Field... | Displays...
    Filtered | The routes or prefixes that have been filtered out.
    • If soft reconfiguration is enabled, this field shows how many routes were filtered out (not placed in the BGP4 route table) but retained in memory.
  • Page 641 If you do not use this parameter, the command lists the usage statistics for the previous one-second, one-minute, five-minute, and fifteen-minute intervals.
  • Page 642: Displaying Summary Neighbor Information

    Displaying Summary Neighbor Information
    To display summary neighbor information, enter a command such as the following at any level of the CLI:
    FESX424 Router(config-bgp-router)# show ip bgp neighbor 192.168.4.211 routes-summary
    IP Address: 192.168.4.211...
  • Page 643 Withdraws – The number of routes the Layer 3 Switch has sent to the neighbor to withdraw.
    • Replacements – The number of routes the Layer 3 Switch has sent to the neighbor to replace routes the neighbor already has.
  • Page 644 Table 21.6: BGP4 Route Summary Information for a Neighbor (Continued)
    This Field... | Displays...
    Peer Out of Memory Count for | Statistics for the times the Layer 3 Switch has run out of BGP4 memory for the neighbor during the current BGP4 session.
  • Page 645: Displaying Bgp4 Neighbor Information

    [attribute-entries [detail]] | [flap-statistics] | [last-packet-with-error] | [received prefix-filter] | [received-routes] | [routes [best] | [detail [best] | [not-installed-best] | [unreachable]] | [rib-out-routes [<ip-addr>/<mask-bits> | <ip-addr> <net-mask> | detail]] | [routes-summary]]
  • Page 646 The <ip-addr> option lets you narrow the scope of the command to a specific neighbor. The advertised-routes option displays only the routes that the Layer 3 Switch has advertised to the neighbor during the current BGP4 neighbor session.
  • Page 647 • IBGP – The neighbor is in the same AS.
    RouterID | The neighbor’s router ID.
    Description | The description you gave the neighbor when you configured it on the Layer 3 Switch.
  • Page 648 Table 21.7: BGP4 Neighbor Information (Continued)
    This Field... | Displays...
    State | The state of the router’s session with the neighbor. The states are from this router’s perspective of the session, not the neighbor’s perspective.
  • Page 649 The message types are the same as for the Message Sent field.
    Last Update Time | Lists the last time updates were sent and received for the following:
    • NLRIs
    • Withdraws
  • Page 650 Table 21.7: BGP4 Neighbor Information (Continued)
    This Field... | Displays...
    Last Connection Reset Reason | The reason the previous session with this neighbor ended. The reason can be one of the following: •...
  • Page 651 Peer Removed
    • Peer Shutdown
    • Peer AS Number Change
    • Peer AS Confederation Change
    • TCP Connection KeepAlive Timeout
    • TCP Connection Closed by Remote
    • TCP Data Stream Error Detected
  • Page 652 Table 21.7: BGP4 Neighbor Information (Continued)
    This Field... | Displays...
    Notification Sent | If the router receives a NOTIFICATION message from the neighbor, the message contains an error code corresponding to one of the following errors.
  • Page 653 The next sequence number to be sent.
    TotUnAck | The number of sequence numbers sent by the Layer 3 Switch that have not been acknowledged by the neighbor.
    TotSent | The number of sequence numbers sent to the neighbor.
  • Page 654 Table 21.7: BGP4 Neighbor Information (Continued)
    This Field... | Displays...
    ReTrans | The number of sequence numbers that the Layer 3 Switch retransmitted because they were not acknowledged.
    UnAckSeq | The current acknowledged sequence number.
  • Page 655 Layer 3 Switch does not have a valid RIP, OSPF, or static route to the next hop.
    History Routes | The number of routes that are down but are being retained for route flap dampening purposes.
  • Page 656 Table 21.8: BGP4 Route Summary Information for a Neighbor (Continued)
    This Field... | Displays...
    NLRIs Received in Update Message | The number of routes received in Network Layer Reachability (NLRI) format in UPDATE messages.
  • Page 657 Syntax: show ip bgp neighbor <ip-addr> routes best
    For information about the fields in this display, see Table 21.10 on page 21-91. The fields in this display also appear in the show ip bgp display.
  • Page 658: Displaying Peer Group Information

    Displaying the Best Routes that Were Nonetheless Not Installed in the IP Route Table
    To display the BGP4 routes received from a specific neighbor that are the “best” routes to their destinations but are not installed in the Layer 3 Switch’s IP route table, enter a command such as the following at any level of the CLI:...
  • Page 659: Displaying Summary Route Information

    The number of “best” routes in the BGP4 route table that are IBGP routes.
    EBGP routes selected as best routes | The number of “best” routes in the BGP4 route table that are EBGP routes.
  • Page 660: Displaying The Bgp4 Route Table

    Displaying the BGP4 Route Table
    BGP4 uses filters you define as well as the algorithm described in “How BGP4 Selects a Path for a Route” on page 21-4 to determine the preferred route to a destination. BGP4 sends only the preferred route to the router’s IP table.
  • Page 661 When the Layer 3 Switch has multiple routes to a destination from different sources (such as BGP4, OSPF, RIP, or static routes), the Layer 3 Switch selects the route with the lowest administrative distance as the best route, and installs that route in the IP route table.
  • Page 662 To display the BGP4 routes that are the “best” routes to their destinations but are not installed in the Layer 3 Switch’s IP route table, enter a command such as the following at any level of the CLI:
    FESX424 Router(config-bgp-router)# show ip bgp routes not-installed-best
    Searching for matching routes, use ^C to quit...
  • Page 663 The next-hop router for reaching the network from the Layer 3 Switch.
    Metric | The value of the route’s MED attribute. If the route does not have a metric, this field is blank.
  • Page 664 Table 21.10: BGP4 Network Information (Continued)
    This Field... | Displays...
    LocPrf | The degree of preference for this route relative to other routes in the local AS. When the BGP4 algorithm compares routes on the basis of local preferences, the route with the higher local preference is chosen.
  • Page 665 E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH S:SUPPRESSED
    Prefix: 10.5.0.0/24, Status: BME, Age: 0h28m28s
    NEXT_HOP: 201.1.1.2, Learned from Peer: 10.1.0.2 (5)
    LOCAL_PREF: 101, MED: 0, ORIGIN: igp, Weight: 10
    AS_PATH: 5
    Adj_RIB_out count: 4, Admin distance 20
  • Page 666 These displays show the following information.
    Table 21.11: BGP4 Route Information
    This Field... | Displays...
    Total number of BGP Routes | The number of BGP4 routes.
    Status codes | A list of the characters the display uses to indicate the route’s status.
  • Page 667 This is the number of times the route has been selected as the best route and placed in the Adj-RIB-Out (outbound queue) for a BGP4 neighbor.
    Communities | The communities the route is in.
  • Page 668: Displaying Bgp4 Route-Attribute Entries

    Displaying BGP4 Route-Attribute Entries
    The route-attribute entries table lists the sets of BGP4 attributes stored in the router’s memory. Each set of attributes is unique and can be associated with one or more routes. In fact, the router typically has fewer route attribute entries than routes.
  • Page 669: Displaying The Routes Bgp4 Has Placed In The Ip Route Table

    The IP route table indicates the routes it has received from BGP4 by listing “BGP” as the route type. To display the IP route table, enter the following command:
    FESX424 Router# show ip route
    Syntax: show ip route [<ip-addr> | <num> | bgp | ospf | rip]
  • Page 670: Displaying Route Flap Dampening Statistics

    Here is an example of the information displayed by this command. Notice that most of the routes in this example have type “B”, indicating that their source is BGP4.
    FESX424 Router# show ip route...
  • Page 671: Displaying The Active Route Map Configuration

    This example shows that the running-config contains six route maps. Notice that the match and set statements within each route map are listed beneath the command for the route map itself. In this simplified example, each route map contains only one match or set statement.
  • Page 672: Updating Route Information And Resetting A Neighbor Session

    To display the active configuration for a specific route map, enter a command such as the following, which specifies a route map name:
    FESX424 Router# show route-map setcomm
    route-map setcomm permit 1
    set community 1234:2345 no-export
    This example shows the active configuration for a route map called “setcomm”.
  • Page 673 Syntax: show ip bgp filtered-routes [<ip-addr>] | [as-path-access-list <num>] | [detail] | [prefix-list <string>]
    The <ip-addr> parameter specifies the IP address of the destination network. The as-path-access-list <num> parameter specifies an AS-path ACL. Only the routes permitted by the AS-path ACL are displayed.
  • Page 674: Dynamically Requesting A Route Refresh From A Bgp4 Neighbor

    The detail parameter displays detailed information for the routes. (The example above shows summary information.) You can specify any of the other options after detail to further refine the display request.
  • Page 675 Layer 3 Switch’s entire BGP4 route table (Adj-RIB-Out) to the neighbor, after changing or excluding the routes affected by the filters. Use soft-outbound if only the outbound policy is changed.
  • Page 676 To dynamically resend all the Layer 3 Switch’s BGP4 routes to a neighbor, enter a command such as the following:
    FESX424 Router(config-bgp-router)# clear ip bgp neighbor 192.168.1.170 soft out
    This command applies its filters for outgoing routes to the Layer 3 Switch’s BGP4 route table (Adj-RIB-Out), changes or excludes routes accordingly, then sends the resulting Adj-RIB-Out to the neighbor.
  • Page 677: Closing Or Resetting A Neighbor Session

    Even if the neighbor already contains a route learned from the Layer 3 Switch that you later decided to filter out, using the soft-outbound option removes that route from the neighbor.
  • Page 678: Clearing And Resetting BGP4 Routes In The IP Route Table

    You can specify a single neighbor or a peer group. To close a neighbor session and thus flush all the routes exchanged by the Layer 3 Switch and the neighbor, enter...
  • Page 679: Removing Route Flap Dampening

    The all | <ip-addr> | <peer-group-name> | <as-num> specifies the neighbor. The <ip-addr> parameter specifies a neighbor by its IP interface with the Layer 3 Switch. The <peer-group-name> specifies all neighbors in a specific...
  • Page 680 peer group. The <as-num> parameter specifies all neighbors within the specified AS. The all parameter specifies all neighbors.
  • Page 681: Configuring VRRP And VRRPE

    NOTE: VRRP and VRRPE are separate protocols. You cannot use them together.
  • Page 682: Overview

    NOTE: You can use a Foundry Layer 3 Switch configured for VRRP with another Foundry Layer 3 Switch or a third-party router that is also configured for VRRP. However, you can use a Foundry Layer 3 Switch configured for VRRPE only with another Foundry Layer 3 Switch that also is configured for VRRPE.
  • Page 683 In Figure 22.2, Router1 sends a gratuitous ARP with MAC address 00-00-5e-00-01-01 and IP address 192.53.5.1. Hosts use the virtual router’s MAC address in routed traffic they send to their default IP gateway (in this example, 192.53.5.1).
  • Page 684 Virtual Router IP Address VRRP does not use virtual IP addresses. Thus, there is no virtual IP address associated with a virtual router. Instead, you associate the virtual router with one or more real interface IP addresses configured on the router that owns the real IP address(es).
  • Page 685 VRRP uses the same simple password and VRRP packets that do not contain the password are dropped. If your interfaces do not use authentication, neither does VRRP. NOTE: The MD5 authentication type is not supported for VRRP.
  • Page 686: Overview Of VRRPE

    Independent Operation of VRRP alongside RIP, OSPF, and BGP4 VRRP operation is independent of the RIP, OSPF, and BGP4 protocols. Their operation is unaffected when VRRP is enabled on a RIP, OSPF, or BGP4 interface.
  • Page 687: Comparison Of VRRP And VRRPE

    RouterB, its backup priority is decremented by 20 (track priority = 20), so that all traffic destined to the internet is sent through RouterA instead. Comparison of VRRP and VRRPE This section compares Foundry’s router redundancy protocols.
  • Page 688: VRRP

    VRRP VRRP is a standards-based protocol, described in RFC 2338. The Foundry implementation of VRRP contains the features in RFC 2338. The Foundry implementation also provides the following additional features: •...
  • Page 689: VRRP And VRRPE Parameters

    00-00-5e-00-01-<vrid>. The Master owns the Virtual MAC address. • VRRPE – A virtual MAC address defined as 02-E0-52-<hash-value>-<vrid>, where <hash-value> is a two-octet hashed value for the IP address and <vrid> is the VRID.
  • Page 690 Table 22.2: VRRP and VRRPE Parameters (Continued)
    Parameter: Authentication type
    Description: The type of authentication the VRRP or VRRPE routers use to validate VRRP or VRRPE packets.
    Default: No authentication
    See page: 22-5
  • Page 691: Configuring Basic VRRP Parameters

    To implement a simple VRRP configuration using all the default values, enter commands such as the following.

    Configuring the Owner

        Router1(config)# router vrrp
        Router1(config)# inter e 1/6
        Router1(config-if-1/6)# ip address 192.53.5.1
        Router1(config-if-1/6)# ip vrrp vrid 1
        Router1(config-if-1/6-vrid-1)# owner
        Router1(config-if-1/6-vrid-1)# ip-address 192.53.5.1
        Router1(config-if-1/6-vrid-1)# activate
  • Page 692: Configuring A Backup

    Configuring a Backup

        Router2(config)# router vrrp
        Router2(config)# inter e 1/5
        Router2(config-if-1/5)# ip address 192.53.5.3
        Router2(config-if-1/5)# ip vrrp vrid 1
        Router2(config-if-1/5-vrid-1)# backup
        Router2(config-if-1/5-vrid-1)# ip-address 192.53.5.1
        Router2(config-if-1/5-vrid-1)# activate

    Configuration Rules for VRRP •...
  • Page 693: Configuring Additional VRRP And VRRPE Parameters

    VRID configured on the interfaces must use the same authentication type and the same password. To configure the VRID interface on Router1 for simple-password authentication using the password “ourpword”, enter the following commands:
  • Page 694 Configuring Router 1

        Router1(config)# inter e 1/6
        Router1(config-if-1/6)# ip vrrp auth-type simple-text-auth ourpword

    Configuring Router 2

        Router2(config)# inter e 1/5
        Router2(config-if-1/5)# ip vrrp auth-type simple-text-auth ourpword

    VRRP Syntax Syntax: ip vrrp auth-type no-auth | simple-text-auth <auth-data>...
  • Page 695 You can prevent the Backups from advertising route information for the backed up interface by enabling suppression of the advertisements. To suppress RIP advertisements for the backed up interface in Router2, enter the following commands:

        Router2(config)# router rip
        Router2(config-rip-router)# use-vrrp-path

    Syntax: use-vrrp-path
  • Page 696 The syntax is the same for VRRP and VRRPE. Hello Interval The Master periodically sends Hello messages to the Backups. The Backups use the Hello messages as verification that the Master is still on-line. If the Backup routers stop receiving the Hello messages for the period of time specified by the Dead interval, the Backup routers determine that the Master router is dead.
  • Page 697 Master following the disappearance of the Master continues to be the Master. The new Master is not preempted. NOTE: In VRRP, regardless of the setting for the preempt parameter, the Owner always becomes the Master again when it comes back online.
  • Page 698: Forcing A Master Router To Abdicate To A Standby Router

    To disable preemption on a Backup, enter commands such as the following:

        Router1(config)# inter e 1/6
        Router1(config-if-1/6)# ip vrrp vrid 1
        Router1(config-if-1/6-vrid-1)# non-preempt-mode

    Syntax: non-preempt-mode

    The syntax is the same for VRRP and VRRPE.
  • Page 699: Displaying VRRP And VRRPE Information

    VRRPE routers. Interface The interface on which VRRP or VRRPE is configured. If VRRP or VRRPE is configured on multiple interfaces, information for each interface is listed separately.
  • Page 700: Displaying Detailed Information

    Table 22.3: CLI Display of VRRP or VRRPE Summary Information (Continued) This Field... Displays... VRID The VRID configured on this interface. If multiple VRIDs are configured on the interface, information for each VRID is listed in a separate row.
  • Page 701 The ve <num> parameter specifies a virtual interface. If you use this parameter, the command displays VRRP or VRRPE information only for the specified virtual interface. The stat parameter displays statistics. See “Displaying Statistics” on page 22-26.
  • Page 702 This display shows the following information. Table 22.4: CLI Display of VRRP or VRRPE Detailed Information This Field... Displays... Total number of VRRP (or VRRP- The total number of VRIDs configured on this Layer 3 Switch.
  • Page 703 Note: Hello messages from Backups are disabled by default. You must enable the Hello messages on the Backup for the Backup to advertise itself to the current Master. See “Hello Messages” on page 22-4.
  • Page 704 Table 22.4: CLI Display of VRRP or VRRPE Detailed Information (Continued)
    Field: backup router <ip-addr> expires in <time>
    Displays: The IP addresses of Backups that have advertised themselves to this...
  • Page 705 Whether the backup preempt mode is enabled. If the backup preempt mode is enabled, this field contains “true”. If the mode is disabled, this field contains “false”. advertise backup Whether Backup routers send Hello messages to the Master.
  • Page 706: Displaying Statistics

    Displaying Statistics To display statistics on most Foundry devices, enter a command such as the following at any level of the CLI:

        FastIron SuperX Router(config-if-e1000-1/5-vrid-1)# show ip vrrp statistic
        Interface ethernet 1/5...
  • Page 707: Clearing VRRP Or VRRPE Statistics

    Use the following methods to clear VRRP or VRRPE statistics. To clear VRRP or VRRPE statistics, enter the following command at the Privileged EXEC level or any configuration level of the CLI:

        Router1(config)# clear ip vrrp-stat

    Syntax: clear ip vrrp-stat
  • Page 708 Displaying CPU Utilization Statistics You can display CPU utilization statistics for VRRP and other IP protocols. To display CPU utilization statistics for the previous one-second, one-minute, five-minute, and fifteen-minute intervals, enter the following command at any level of the CLI:...
  • Page 709: Configuration Examples

    NOTE: When you configure a Backup router, the router interface on which you are configuring the VRID must have a real IP address that is in the same sub-net as the address associated with the VRID by the Owner. However, the address cannot be the same.
  • Page 710: VRRPE Example

    The priority parameter establishes the router’s VRRP priority in relation to the other VRRP router(s) in this virtual router. The track-priority parameter specifies the new VRRP priority that the router receives for this VRID if the interface goes down.
  • Page 711 The activate and enable commands do the same thing. Syntax: router vrrp-extended Syntax: ip vrrp-extended vrid <vrid> Syntax: backup [priority <value>] [track-priority <value>] Syntax: track-port ethernet [<slotnum>/]<portnum> | ve <num> Syntax: ip-address <ip-addr> Syntax: activate
  • Page 712
  • Page 713: Configuration Files

    Secondary flash – A second flash storage device. You can use the secondary flash to store redundant images for additional booting reliability or to preserve one software image while testing another one.
  • Page 714: Determining The Softwarev

    CLI. Some examples are shown below. FESX and FWSX Devices To determine the flash image version running on a FESX or FWSX device, enter the show version command at any level of the CLI. The following shows an example output.
  • Page 715 To determine the flash image version running on a FSX, enter the show version command at any level of the CLI. The following is an example output.

        FastIron SuperX Switch# show version
        SW: Version 02.0.00T2e1 Copyright (c) 1996-2004 Foundry Networks, Inc.
        Compiled on Dec 20 2004 at 16:08:06 labeled as SXS02000
        (2294152 bytes) from Primary sxs02000.bin
        BootROM: Version 02.0.00T2e5 (FEv2)
  • Page 716: Determining The Image Versions Installed In Flash Memory

    For example, you cannot load FESX boot or flash images on a FSX device, and vice versa. Also, you cannot load other images, such as B2R or B2S, for BigIron devices, on the FastIron family of switches.
  • Page 717: Upgrading The Boot Code

    Upgrading from FESX pre-02.2.00 or FSX pre-02.2.01a to the New Release If your device is running a software release earlier than FESX 02.2.00 or FSX 02.2.01a, you must first upgrade it to FESX 02.2.00 or later, or FSX 02.2.01a or later, before you can upgrade it to the new release. Follow the instructions below.
  • Page 718: Using SNMP To Upgrade Software

    Verify that the flash code has been successfully copied by entering the following command at any level of the CLI: • show flash If the flash code version is correct, go to Step 5. Otherwise, go to Step 1.
  • Page 719: Rebooting

    You can upload either the startup configuration file or the running configuration file to the TFTP server for backup and use in booting the system. • Startup configuration file – This file contains the configuration information that is currently saved in flash.
  • Page 720: Replacing The Startup Configuration With The Running Configuration

    To display this file, enter the show configuration command at any CLI prompt. • Running configuration file – This file contains the configuration active in the system RAM but not yet saved to flash.
  • Page 721: Dynamic Configuration Loading

    CLI entering a configuration level you did not intend, then you can get unexpected results. For example, if a trunk group is active on the device, and the configuration file contains a command to disable...
  • Page 722 STP on one of the secondary ports in the trunk group, the CLI rejects the commands to enter the interface configuration level for the port and moves on to the next command in the file you are loading. If the next command is a spanning-tree command whose syntax is valid at the global CONFIG level as well as the interface configuration level, then the software applies the command globally.
  • Page 723: Using SNMP To Save And Load Configuration Information

    21 – Download a startup-config file from a TFTP server to the Foundry device’s flash memory. 22 – Upload the running-config from the Foundry device’s flash memory to the TFTP server.
  • Page 724: Erasing Image And Configuration Files

    23 – Download a configuration file from a TFTP server into the Foundry device’s running-config. NOTE: Command option 23 adds configuration information to the running-config on the device, and does not replace commands. If you want to replace configuration information in the device, use “no” forms of the configuration commands to remove the configuration information, then use configuration commands to create the configuration information you want.
  • Page 725: Canceling A Scheduled Reload

    You accidentally attempted to copy the incorrect image code into the system. For example, you might have tried to copy a Chassis image into a Stackable device. Retry the transfer using the correct image.
  • Page 726 Columns: Error code, Message, Explanation and action
    Messages: TFTP remote - general error. TFTP remote - no such file. TFTP remote - access violation.
    Explanation and action: The TFTP configuration has an error. The specific error message describes the error.
  • Page 727: Syslog Messages

    • Alerts • Critical • Errors • Warnings • Notifications • Informational • Debugging The device writes the messages to a local buffer. The buffer can hold up to 1000 entries.
  • Page 728: Displaying Syslog Messages

    You also can specify the IP address or host name of up to six Syslog servers. When you specify a Syslog server, the Foundry device writes the messages both to the system log and to the Syslog server.
  • Page 729: Configuring The Syslog Service

    Messages of all severity levels (Emergencies – Debugging) are logged. • By default, up to 50 messages are retained in the local Syslog buffer. This can be changed. • No Syslog server is specified.
  • Page 730: Displaying The Syslog Configuration

    Displaying the Syslog Configuration To display the Syslog parameters currently in effect on a Foundry device, enter the following command from any level of the CLI:

        FESX424 Router> show logging
        Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)...
  • Page 731 The contents of the time stamp differ depending on whether you have set the time and date on the onboard system clock. • If you have set the time and date on the onboard system clock, the date and time are shown in the following format: mm dd hh:mm:ss where:
  • Page 732 • mm – abbreviation for the name of the month • dd – day • hh – hours • mm – minutes • ss – seconds For example, “Oct 15 17:38:03” means October 15 at 5:38 PM and 3 seconds.
  • Page 733: Specifying A Syslog Server

    Syntax: logging host <ip-addr> | <server-name> Disabling Logging of a Message Level To change the message level, disable logging of specific message levels. You must disable the message levels on an individual basis.
  • Page 734: Changing The Number Of Entries The Local Buffer Can Hold

    For example, to disable logging of debugging and informational messages, enter the following commands:

        FESX424 Router(config)# no logging buffered debugging
        FESX424 Router(config)# no logging buffered informational

    Syntax: [no] logging buffered <level> | <num-entries>...
  • Page 735: Displaying The Interface Name In Syslog Messages

    Dec 15 18:45:15:I:Warm start

    Clearing the Syslog Messages from the Local Buffer To clear the Syslog messages stored in the Foundry device’s local buffer, enter the following command:

        FESX424 Router# clear logging
  • Page 736 Syntax: clear logging Displaying TCP/UDP Port Numbers in Syslog Messages The command ip show-acl-service-number allows you to change the display of TCP/UDP application information from the TCP/UDP well-known port name to the TCP/UDP port number. For example, entering the following command causes the Foundry device to display http (the well-known port name) instead of 80 (the port number) in the output of show commands, and other commands that contain application port information.
  • Page 737 <mac-address> on a tagged port because VLAN does not match with TAGGED vlan) the packet with this MAC address as the source was tagged with a VLAN ID different from the RADIUS-supplied VLAN ID.
  • Page 738 Table A.3: Foundry Syslog Messages (Continued)
    Message Level: Alert
    Message: Management module at slot <slot-num> state changed from <module-state> to <module-state>.
    Explanation: Indicates a state change in a management module. The <slot-num> indicates the chassis slot containing the module.
  • Page 739 Foundry device becoming the root bridge. The <vlan-id> is the ID of the VLAN in which the STP topology change occurred. The <root-id> is the STP bridge root ID.
  • Page 740 Table A.3: Foundry Syslog Messages (Continued)
    Message Level: Informational
    Message: Bridge root changed, vlan <vlan-id>, new root ID <string>, root interface <portnum>
    Explanation: A Spanning Tree Protocol (STP) topology change has occurred.
  • Page 741
    Message: AuthControlledPortStatus change: authorized
    Explanation: The status of the interface’s controlled port has changed from unauthorized to authorized.
    Message Level: Informational
    Message: DOT1X: Port <portnum>, AuthControlledPortStatus change: unauthorized
    Explanation: The status of the interface’s controlled port has changed from authorized to unauthorized.
  • Page 742 Table A.3: Foundry Syslog Messages (Continued)
    Message Level: Informational
    Message: Enable super | port-config | read-only password deleted | added | modified from...
    Explanation: A user created, re-configured, or deleted an...
  • Page 743
    Message (continued): link-aggregation module.
    Explanation: 802.3ad link aggregation is configured on the device, and the feature has dynamically created a trunk group (aggregate link). The <ports> is a list of the ports that were aggregated to make the trunk group.
  • Page 744 Table A.3: Foundry Syslog Messages (Continued)
    Message Level: Informational
    Message: user <username> added | deleted | modified from console | telnet | ssh | web | snmp
    Explanation: A user created, modified, or deleted a local user account via the Web, SNMP, console, SSH, or Telnet session.
  • Page 745 IS-IS resources are overloaded.
    Message Level: Notification
    Message: ISIS EXITING FROM OVERLOAD STATE
    Explanation: The Layer 3 Switch has set the overload bit to off (0), indicating that the Layer 3 Switch’s IS-IS resources are no longer overloaded.
  • Page 746 Table A.3: Foundry Syslog Messages (Continued)
    Message Level: Notification
    Message: ISIS L1 ADJACENCY DOWN <system-id> on circuit <circuit-id>
    Explanation: The Layer 3 Switch’s adjacency with this Level-1 IS has gone down.
  • Page 747 • down • loopback • waiting • point-to-point • designated router • backup designated router • other designated router • unknown
  • Page 748 Table A.3: Foundry Syslog Messages (Continued)
    Message Level: Notification
    Message: OSPF intf authen failure, rid <router-id>, intf addr <ip-addr>, pkt src addr <src-ip-addr>,
    Explanation: Indicates that an OSPF interface authentication failure has occurred. The <router-id>...
  • Page 749 • unknown The <packet-type> can be one of the following: • hello • database description • link state request • link state update • link state ack • unknown
  • Page 750 Table A.3: Foundry Syslog Messages (Continued)
    Message Level: Notification
    Message: OSPF intf rcvd bad pkt, rid <router-id>, intf addr <ip-addr>, pkt src addr <src-ip-addr>,
    Explanation: Indicates that an OSPF interface received a bad packet. The <router-id>...
  • Page 751
    Message: OSPF LSDB approaching overflow, rid <router-id>, limit <num>
    Explanation: The software is close to an LSDB condition. The <router-id> is the router ID of the Foundry device. The <num> is the number of LSAs.
  • Page 752 Table A.3: Foundry Syslog Messages (Continued)
    Message Level: Notification
    Message: OSPF LSDB overflow, rid <router-id>, limit <num>
    Explanation: A Link State Database Overflow (LSDB) condition has occurred. The <router-id> is the router ID of the Foundry device.
  • Page 753 • unknown The <packet-type> can be one of the following: • hello • database description • link state request • link state update • link state ack • unknown
  • Page 754 Table A.3: Foundry Syslog Messages (Continued)
    Message Level: Notification
    Message: OSPF virtual intf config error, rid <router-id>, intf addr <ip-addr>,
    Explanation: Indicates that an OSPF virtual routing interface configuration error has occurred.
  • Page 755 • link state update • link state ack • unknown The <lsa-type> is the type of LSA. The <lsa-id> is the LSA ID. The <lsa-router-id> is the LSA router ID.
  • Page 756 Table A.3: Foundry Syslog Messages (Continued)
    Message Level: Notification
    Message: OSPF virtual intf state changed, rid <router-id>, area <area-id>,
    Explanation: Indicates that the state of an OSPF virtual routing interface has changed.
  • Page 757 • init • master • backup • unknown
    Message Level: Warning
    Message: DOT1X security violation at port <portnum>, malicious mac address detected: <mac-address>
    Explanation: A security violation was encountered at the specified port number.
  • Page 758 Table A.3: Foundry Syslog Messages (Continued)
    Message Level: Warning
    Message: Dup IP <ip-addr> detected, sent from MAC <mac-addr> interface <portnum>
    Explanation: Indicates that the Foundry device received a packet from another device on the network with an IP address that is also configured on the Foundry device.
  • Page 759 The <ip-addr> indicates the network number in the denied updates. The <num> indicates how many packets matching the values above were dropped during the five-minute interval represented by the log entry.
  • Page 760
  • Page 761: Remote Network Monitoring

    You can access software and hardware specifics for a Foundry Layer 2 Switch or Layer 3 Switch. To view the software and hardware details for the system, enter the show version command:

        FESX424 Router# show version

    Syntax: show version
  • Page 762: Viewing Configuration Information

    Viewing Configuration Information You can view a variety of configuration details and statistics with the show option. The show option provides a convenient way to check configuration changes before saving them to flash.
  • Page 763 Jabbers: The packets were longer than 1518 octets and had a bad FCS. • Fragments: The packets were less than 64 octets long and had a bad FCS. • The packet was undersized (short).
  • Page 764 Table B.2: Port Statistics (Continued) This Line... Displays... InFragments The total number of packets received for which both of the following was true: • The length was less than 64 bytes.
  • Page 765: Viewing STP Statistics

    Events (RMON Group 9) The CLI allows you to make configuration changes to the control data for these groups, but you need a separate RMON application to view and display the data graphically.
  • Page 766: Statistics (RMON Group 1)

    Statistics (RMON Group 1) Count information on multicast and broadcast packets, total packets sent, undersized and oversized packets, CRC alignment errors, jabbers, collision, fragments and dropped events is collected for each port on a Foundry Layer 2 Switch or Layer 3 Switch.
  • Page 767 These documents define jabber as the condition where any packet exceeds 20 ms. The allowed range to detect jabber is between 20 ms and 150 ms. This number does not include framing bits but does include FCS octets.
  • Page 768: History (RMON Group 2)

    Table B.3: Export Configuration and Statistics (Continued) This Line... Displays... Collisions The best estimate of the total number of collisions on this Ethernet segment. 64 octets pkts The total number of packets received that were 64 octets long.
  • Page 769: Alarm (RMON Group 3)

    RFC 3176, “InMon Corporation's sFlow: A Method for Monitoring Traffic in Switched and Routed Networks”. Refer to this RFC to determine the contents of the sampled packet.
  • Page 770 Configuration Considerations Hardware Support • FESX, FWSX, and FSX devices support sFlow packet sampling of inbound traffic only. These devices do not sample outbound packets. • sFlow is supported on all Ethernet ports (10/100, Gigabit, and 10 Gigabit). On these devices, sample data is collected from inbound traffic on ports enabled for sFlow.
  • Page 771: Configuring And Enabling sFlow

    The default port number is 6343. The sampled sFlow data sent to the collectors includes an agent_address field. This field identifies the device that sent the data. See “Source Address” on page B-10.
  • Page 772: Configuration Considerations

    Changing the Polling Interval The polling interval defines how often sFlow byte and packet counter data for a port are sent to the sFlow collector(s). If multiple ports are enabled for sFlow, the Foundry device staggers transmission of the counter data to smooth performance.
  • Page 773 • 134217728 • 536870912 • 2147483648 For example, if the configured sampling rate is 1000, then the actual rate is 2048 and 1 in 2048 packets are sampled by the hardware.
  • Page 774 Changing the Sampling Rate of a Module You cannot change a module’s sampling rate directly. You can change a module’s sampling rate only by changing the sampling rate of a port on that module.
  • Page 775

        Port 1/5, configured rate=512, actual rate=512, Subsampling factor=1
        Port 1/4, configured rate=512, actual rate=512, Subsampling factor=1
        Port 1/3, configured rate=512, actual rate=512, Subsampling factor=1
        Port 1/2, configured rate=1000, actual rate=2048, Subsampling factor=4

    Syntax: show sflow
  • Page 776 This command shows the following information. Table B.4: sFlow Information This Field... Displays... sFlow services The feature state, which can be one of the following: • disabled • enabled sFlow agent IP address The IP address that sFlow is using in the agent_address field of packets sent to the collectors.
  • Page 777: Command Syntax

    To display an uplink utilization list, enter a command such as the following at any level of the CLI: FastIron SuperX Router(config)# show relative-utilization 1 December 2005 © Foundry Networks, Inc. B - 17...
  • Page 778
    uplink: ethe 1
    30-sec total uplink packet count = 3011
    packet count ratio (%)
    1/ 2:60 1/ 3:40
    In this example, ports 1/2 and 1/3 are sending traffic to port 1/1. Port 1/2 and port 1/3 are isolated (not shared by multiple clients) and typically do not exchange traffic with other ports except for the uplink port, 1/1.
  • Page 779: Appendix C Policies And Filters

    Learn or drop RIP routes on incoming traffic, based on network address or the RIP neighbor’s IP address. • Control learning and advertisement of RIP routes, based on network address or the RIP neighbor’s IP...
  • Page 780: Scope

    address. • Control learning and advertisement of IPX RIP routes. • Permit or deny access to IPX servers. • Control learning and advertisement of routes learned from BGP4 neighbors. You can filter based on network address information, AS-path information, and community names.
  • Page 781: Policy And Filter Precedence Q O S

    MAC filters and IP access policies on the same port. NOTE: You cannot use Layer 2 filters to filter for Layer 4 information. To filter for Layer 4 information, use IP access policies (filters).
  • Page 782: Foundry Policies

    NOTE: If you do choose to apply filters for multiple layers to the same port, note that Layer 2 MAC filters can affect the Layer 3 IP traffic that a port permits or denies on multinetted interfaces. A multinetted interface has multiple IP sub-net interfaces on the same port.
  • Page 783 Static MAC entries The FESX, FSX, and FWSX provide eight QoS queues: 0 (normal) – 7 (highest priority). The default queue for all packets is normal (or 0). You can change a QoS policy by placing a port, VLAN, or static MAC entry into a higher queue.
  • Page 784 For example, if you have a port-based VLAN that contains ports 1 – 12, you can configure some or all of the ports in the VLAN as an AppleTalk protocol VLAN. AppleTalk broadcast traffic received on one of the ports in the AppleTalk VLAN is broadcast to the other ports in the AppleTalk VLAN, but not to ports outside the AppleTalk VLAN.
  • Page 785: Layer 2 Filters

    Telnet. To block management access, use an Access Control List (ACL). See “Software-Based IP Access Control Lists (ACLs)” on page 5-1.
  • Page 786 Action MAC filters forward (permit) or drop (deny) packets. Scope You configure MAC filters globally, then apply them to individual ports. The filters do not take effect until applied to specific ports. MAC filters apply only to incoming packets.
  • Page 787: Layer 3 Filters

    Layer 3 filters control a Foundry device’s transmission and receipt of packets based on routing protocol information in the packets. Foundry devices provide the following types of Layer 3 filters: • RIP route filters
  • Page 788 • RIP neighbor filters • BGP route address filters • BGP route AS-path filters • BGP route community filters • RIP redistribution filters • OSPF redistribution filters • BGP redistribution filters...
  • Page 789 When the device learns an RIP route, the route is added to the RIP route table. Scope You configure RIP neighbor filters globally. They are automatically applied to all RIP ports as soon as you configure them.
  • Page 790 Syntax Use the following CLI commands to configure RIP neighbor filters. Table C.12: RIP Neighbor Filters CLI syntax FESX424 Router(config-rip-router)# neighbor <filter-num> permit | deny <source-IP-address> | any BGP4 Filters Border Gateway Protocol version 4 (BGP4) filters control the routes that a Foundry device learns from BGP4 neighbors and advertises to BGP4 neighbors.
  • Page 791 BGP routes. You use this command when configuring a route map. If the comparison matches a route, set statements in the route map specify the action to take. See “Defining Route Maps” on page 14-49.
  • Page 792 BGP4 Community Filters BGP4 community filters control whether the Foundry device learns or drops BGP4 route information based on the route’s community membership. Actions • A BGP4 community filter applied to inbound packets permits (learns) or denies (drops) routes for networks with the specified community membership in BGP4 updates received from a BGP4 neighbor.
  • Page 793 RIP redistribution filters permit (redistribute) or deny (do not redistribute) OSPF or BGP4 routes into RIP. Scope You configure RIP redistribution filters globally. They are automatically applied as soon as you configure them.
  • Page 794 Syntax Use the following CLI commands to configure RIP redistribution filters. Table C.16: RIP Redistribution Filters CLI syntax FESX424 Router(config-rip-router)# permit | deny redistribute <filter-num> all | bgp | ospf | static address <ip-addr> <ip-mask>...
  • Page 795 FESX424 Router(config-bgp-router)# redistribute rip | ospf | static [match internal | external1 | external2] [metric <num>] [route-map <name>] [weight <num>] NOTE: The optional match internal | external1 | external2 argument applies only to OSPF.
  • Page 797: Software Features And Specifications

    NOTE: For a list of features supported on a specific product, see the data sheet for that product. Feature Highlights The FESX and FSX support many of the applicable system-level, Layer 2, and Layer 3 features supported on the BigIron Chassis devices. The FWSX supports system-level and Layer 2 features only. It does not support base Layer 3 and full Layer 3 features.
  • Page 798: Supported Features

    FESX448-PREM FSX-PREM FWSX424 Layer 2 Layer 2 FWSX448 Supported Features Table D.2 lists the feature highlights in the FSX, FESX, and FWSX software. Table D.2: List of Supported Features Supported on Category, Description, and Configuration Notes FESX FWSX Management Features...
  • Page 799 Foundry Discovery Protocol (FDP) / Cisco Discovery Protocol (CDP) Jumbo frames • Supported in Gigabit products only (FESX and FWSX) • Up to 9216 bytes on FSX, FESX, and FWSX Mini jumbo frames • FES support only, starting with release 03.2.00 •...
  • Page 800 Static MAC entries with option to set priority Trunk groups • FESX, FWSX, and FSX devices support up to 4-port trunk groups (trunk groups on these devices can have 2, 3, or 4 ports) Layer 2 Features 802.1d Spanning Tree Support •...
  • Page 801 Category, Description, and Configuration Notes FESX FWSX Topology groups Uni-directional Link Detection (UDLD) (Link keepalive) Virtual Cable Testing (VCT) technology • FESX support starts in release 01.1.00 Virtual Switch Redundancy Protocol (VSRP) VLAN Support: • 802.1Q with tagging • 802.1Q-in-Q Super Aggregated VLANs (SAVs) FESX support starts in release 01.1.00...
  • Page 802 Table D.2: List of Supported Features (Continued) Supported on Category, Description, and Configuration Notes FESX FWSX IGMP V1 and V2 • FESX support starts in release 02.0.00. • FESX support starts in release 02.0.00.
  • Page 803: Unsupported Features

    Software Features and Specifications Unsupported Features Table D.3 lists the features that are not supported on the FSX, FESX, and FWSX. If required, these features are available on other Foundry devices. Table D.3: List of Unsupported Features Not Supported on...
  • Page 804: Ieee Compliance

    IEEE Compliance Foundry devices support the following standards. Table D.4: IEEE Compliance Standard Description FESX FWSX 802.1d Bridging 802.1D 1998 802.1p/q VLAN Tagging and Priority 802.1w Rapid Spanning Tree 802.1x Port-based Authentication, Dynamic VLAN, ACL, and MAC Filter Group Assignment 802.3...
  • Page 805: Rfc Support

    Requirements for Internet hosts (routers) 1141 Incremental updating of the Internet checksum 1155 Structure and Identification of Management Information (SMI) 1157 Simple Network Management Protocol (SNMP) version 1 1191 Path MTU Discovery
  • Page 806 Table D.5: Foundry RFC Support (Continued) FESX FWSX RFC Number Protocol or Standard 1212 Concise MIB Definitions 1213 MIB II Definitions 1215 SNMP generic traps 1256 ICMP Router Discovery Protocol (IRDP)
  • Page 807 802.3 Medium Attachment Units (MAUs) using SMIv2 2283 Multiprotocol Extensions for BGP4 2328 OSPF version 2 Note: AS External LSA reduction is supported. 2336 IGMP version 2 2338 Virtual Router Redundancy Protocol (VRRP)
  • Page 808 Table D.5: Foundry RFC Support (Continued) FESX FWSX RFC Number Protocol or Standard 2362 IP Multicast PIM Sparse 2370 The OSPF Opaque LSA Option 2385 TCP MD5 Signature Option (for BGP4)
  • Page 809 Protection for Denial of Service attacks, such as TCP SYN or Smurf Attacks RMON HP OpenView for Sun Solaris, HP-UX, IBM’s AIX, and Windows NT Secure Copy (SCP) SSH V 1.5 TACACS/TACACS+ TELNET and SSH V1 UDLD Username/Password (challenge and response)
  • Page 810: Internet Drafts

    Internet Drafts In addition to the RFCs listed in “RFC Support” on page D-9, the Layer 3 Switches support the following Internet drafts: • ietf-idmr-dvmrp version 3.05, obsoletes RFC 1075 •...
  • Page 811: Appendix E Cautions And Warnings

    CAUTION: Remove the power cord from the power supply before connecting it to or disconnecting it from the device. Otherwise, the power supply or the device could be damaged. (The device can...
  • Page 812 be running while the power supply is being connected or removed. Only the power supply should not be connected to a power source.) CAUTION: Remove the power cord from a power supply before installing it in or removing it from the device.
  • Page 813 CAUTION: For the DC input circuit to an FES, FESX, or FWSX (DC power supply part number RPS5DC and RPS-X424-DC), make sure there is a 10-amp listed circuit breaker, minimum -48VDC, double pole, on the input to the terminal block. The input wiring for connection to the product should be Listed copper wire, 14 AWG, marked VW-1, and rated 90 degrees Celsius.
  • Page 814 VW-1 and rated 90 degrees Celsius. CAUTION: For the DC input circuit to an FES or FESX model (DC power supply with part numbers RPS5DC and RPS-X424-DC), verify that there is a circuit breaker listed for 10 amps, minimum –48 VDC, double pole, on the input to the terminal block.
  • Page 815 802.3af. Installing the power supply in a device other than the FastIron SuperX POE will cause considerable damage to the equipment.
  • Page 816: Warnings

    Warnings A warning calls your attention to a possible hazard that can cause injury or death. The following are the warnings used in this manual. "Warning" indicates a possible hazard that can lead to injury or death. You will find the following warnings in this manual: A warning draws your attention to a possible risk of injury or death.
  • Page 817 This mark is your assurance that the power cord can be used safely with the device.
  • Page 818 the power supply. Only the power supply should not be connected to a power source. Otherwise, you could be injured or the power supply or other parts of the device could be damaged. WARNING: The power supplies are hot swappable. However, Foundry Networks recommends that you disconnect the power supply from AC power before installing or removing the power supply.
  • Page 819 The fan may still be spinning at high speed. WARNING: Be careful not to accidentally insert your fingers into the fan tray while you are disassembling the chassis. The fan may be spinning at high speed.
